Overview of the Exploit
Hackers recently leveraged a serious security weakness, said to be a “zero-day,” that exists within the Qualcomm chipsets used in many popular Android devices. Qualcomm confirmed that at the time they were first exploited by hackers, they were unaware of the bug, which was tracked under CVE-2024-43047. This flaw actually existed in real-world cyberattacks where it could have impacted millions of Android users globally.
Vulnerability Details
This zero-day flaw was uncovered in 64 different Qualcomm chipsets, including the highly sought-after flagship Snapdragon 8 (Gen 1), a chipset used by many Android devices from reputable brands such as Motorola, Samsung, OnePlus, Oppo, Xiaomi, and ZTE. In their advisory, Qualcomm states that attackers have been able to exploit the flaw, but the company does not elaborate on who the attackers are or what their motive might be or who they specifically targeted. In light of both Google’s Threat Analysis Group (TAG) and the Amnesty International Security Lab investigating the incidents, Qualcomm believes these instances constitute “limited, targeted exploitation,” rather than widespread attacks.
Response to Attack
The vulnerability was apparently noticed by the CISA US, who have listed it on their known exploited vulnerabilities list. Qualcomm has issued appreciation to Google Project Zero and Amnesty International’s Security Lab for coordinated disclosure of this vulnerability. Through such coordination, Qualcomm
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.