Qualcomm announced that hackers exploited a zero-day security flaw discovered in dozens of the company’s chipsets. Android deviceHowever, the impact may be limited. The vulnerability was flagged by Google’s Threat Analysis Group and confirmed by Amnesty International’s Security Lab, according to the report.
Zero-day vulnerabilities (types where hardware manufacturers don’t know when they were exploited) “may be subject to limited and targeted exploitation,” Qualcomm said in a statement from Google’s Threat Analysis Group. He cited unspecified “signs.” The defect has been fixed.
According to a report by TechCrunch, the US cybersecurity agency CISA has included the Qualcomm flaw in its list of vulnerabilities that are known to be or have been exploited. Although details are sparse, the vulnerability has been confirmed to have been used in actual attacks, although the specific targets and motivations are unknown.
Qualcomm’s statement
Qualcomm spokeswoman Katherine Baker told the publication that the company praised “researchers at Google Project Zero and the Amnesty International Security Lab for employing collaborative disclosure practices” and said the company He said he is now able to publicly release a fix for this vulnerability.
Qualcomm lists 64 chipsets affected by this vulnerability. These include the company’s flagship chipset, the Snapdragon 8 Gen 1 chipset. This chipset is used in dozens of Android phones, including those made by Motorola. one pluswhich means millions of users around the world, including Oppo and Xiaomi, are potentially vulnerable.
“The fix is available to our customers as of September 2024,” a Qualcomm spokesperson said, adding that it is up to Android smartphone manufacturers to release the patch to their customers’ devices.
