Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.
The flaw, identified as CVE-2024-43047, is a use-after-free vulnerability resulting from memory corruption in the DSP Services while maintaining memory maps of HLOS memory.
Google’s Threat Analysis Group has flagged this vulnerability under limited, targeted exploitation.
Qualcomm Technologies, Inc. (QTI) has responded by issuing a security bulletin to assist its customers in incorporating necessary security updates into launched or upcoming devices.
Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free
The bulletin details the security issues addressed in QTI’s proprietary code and provides links to publicly available code where these issues have been resolved.
In response to the threat posed by CVE-2024-43047, patches for the affected FASTRPC driver have been made available to Original Equipment Manufacturers (OEMs).
Qualcomm strongly recommends deploying these updates on affected devices as soon as possible to mitigate potential risks.
Users are advised to contact their device manufacturers for specific information on their devices’ patch status.
While there is currently no evidence linking this vulnerability to ransomware campaigns, the potential for misuse remains significant.
Experts urge users to apply remediations or mitigations according to vendor instructions. If such measures are unavailable, discontinuing the affected product is recommended.
This incident underscores the importance of timely security updates and vigilance among manufacturers and users in safeguarding against emerging cyber threats.
As hackers continue to exploit vulnerabilities in widely used technologies, proactive measures remain essential to protect sensitive data and maintain device integrity.
Upgrade Your Cybersecurity Skills With 100+ Premium Cyber Security Courses Online - Enroll Here
A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently detailed…
Since mid-2024, cybersecurity researchers have been monitoring a sophisticated Android malware campaign dubbed "Tria Stealer,"…
Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton Pass,…
The cybersecurity landscape faces increasing challenges as Arcus Media ransomware emerges as a highly sophisticated…
Proofpoint researchers have identified a marked increase in phishing campaigns and malicious domain registrations designed…
A recent investigation by Unit 42 of Palo Alto Networks has uncovered a sophisticated, state-sponsored…