Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.
The flaw, identified as CVE-2024-43047, is a use-after-free vulnerability resulting from memory corruption in the DSP Services while maintaining memory maps of HLOS memory.
Google’s Threat Analysis Group has flagged this vulnerability under limited, targeted exploitation.
Qualcomm Technologies, Inc. (QTI) has responded by issuing a security bulletin to assist its customers in incorporating necessary security updates into launched or upcoming devices.
Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free
The bulletin details the security issues addressed in QTI’s proprietary code and provides links to publicly available code where these issues have been resolved.
In response to the threat posed by CVE-2024-43047, patches for the affected FASTRPC driver have been made available to Original Equipment Manufacturers (OEMs).
Qualcomm strongly recommends deploying these updates on affected devices as soon as possible to mitigate potential risks.
Users are advised to contact their device manufacturers for specific information on their devices’ patch status.
While there is currently no evidence linking this vulnerability to ransomware campaigns, the potential for misuse remains significant.
Experts urge users to apply remediations or mitigations according to vendor instructions. If such measures are unavailable, discontinuing the affected product is recommended.
This incident underscores the importance of timely security updates and vigilance among manufacturers and users in safeguarding against emerging cyber threats.
As hackers continue to exploit vulnerabilities in widely used technologies, proactive measures remain essential to protect sensitive data and maintain device integrity.
Upgrade Your Cybersecurity Skills With 100+ Premium Cyber Security Courses Online - Enroll Here
Penetration testing companies play a vital role in strengthening the cybersecurity defenses of organizations by…
Cybersecurity researchers continue to track sophisticated "Click Fix" style distribution campaigns that deliver the notorious…
In a novel and concerning development, multiple U.S. organizations have reported receiving suspicious physical letters…
The cybersecurity landscape has recently been impacted by the emergence of the Strela Stealer malware,…
A recent discovery by the Socket Research Team has unveiled a malicious PyPI package named…
A recent cybersecurity threat has emerged where unknown attackers are exploiting a critical remote code…