Qualcomm has recently released security updates addressing nearly two dozen vulnerabilities across different components, one of which is being actively exploited in the wild.
The most critical vulnerability, labeled as CVE-2024-43047 (CVSS score: 7.8), is a user-after-free bug in the Digital Signal Processor (DSP) Service, potentially leading to memory corruption in HLOS memory.
Google Project Zero researcher Seth Jenkins and Conghui Wang were credited for reporting the flaw, with Amnesty International Security Lab confirming in-the-wild exploitation.
Qualcomm has urged OEMs to deploy patches for the issue affecting FASTRPC driver promptly due to indications of limited, targeted exploitation.
Additionally, October’s patch also fixes a critical flaw in WLAN Resource Manager (CVE-2024-33066, CVSS score: 9.8) caused by improper input validation, leading to memory corruption.
Google has also released its monthly Android security bulletin addressing 28 vulnerabilities, including components from Imagination Technologies, MediaTek, and Qualcomm.
The full extent and impact of the attacks are not yet fully known, but it’s speculated that they could have been used in spyware attacks targeting civil society members.
Stay updated with more exclusive content by following us on Twitter and LinkedIn.