Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.
The flaw, identified as CVE-2024-43047, is a use-after-free vulnerability resulting from memory corruption in the DSP Services while maintaining memory maps of HLOS memory.
Google’s Threat Analysis Group has flagged this vulnerability under limited, targeted exploitation.
Qualcomm Technologies, Inc. (QTI) has responded by issuing a security bulletin to assist its customers in incorporating necessary security updates into launched or upcoming devices.
Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free
The bulletin details the security issues addressed in QTI’s proprietary code and provides links to publicly available code where these issues have been resolved.
In response to the threat posed by CVE-2024-43047, patches for the affected FASTRPC driver have been made available to Original Equipment Manufacturers (OEMs).
Qualcomm strongly recommends deploying these updates on affected devices as soon as possible to mitigate potential risks.
Users are advised to contact their device manufacturers for specific information on their devices’ patch status.
While there is currently no evidence linking this vulnerability to ransomware campaigns, the potential for misuse remains significant.
Experts urge users to apply remediations or mitigations according to vendor instructions. If such measures are unavailable, discontinuing the affected product is recommended.
This incident underscores the importance of timely security updates and vigilance among manufacturers and users in safeguarding against emerging cyber threats.
As hackers continue to exploit vulnerabilities in widely used technologies, proactive measures remain essential to protect sensitive data and maintain device integrity.
Upgrade Your Cybersecurity Skills With 100+ Premium Cyber Security Courses Online - Enroll Here
Secureworks Counter Threat Unit (CTU) researchers have uncovered innovative strategies deployed by the DragonForce and…
Silent Push Threat Analysts have uncovered a widespread phishing and scam operation dubbed "Power Parasites,"…
Researchers from Unit 42 have uncovered a massive wave of SMS phishing, or "smishing," activity…
The Dutch Defense Ministry has revealed that critical infrastructure, democratic processes, and North Sea installations…
Silent Push Threat Analysts have uncovered a chilling new cyberattack campaign orchestrated by the North…
A groundbreaking report from Okta Threat Intelligence reveals how operatives linked to the Democratic People’s…