QualPwn, critical vulnerabilities in Qualcomm chips, that allows attackers to compromise Android device remotely over-the-air. The flaw resides in the Qualcomm’s Snapdragon WLAN component.
The series of vulnerabilities dubbed QualPwn, discovered by Tencent Blade Team, the first two vulnerabilities reside in Qualcomm chips and the third one in Android Kernel.
The vulnerabilities chained together allows attackers to compromise the Android device over-the-air without any user interaction. The over-the-air attack can be triggered if the victim and the attacker connected with the same WiFi network.
Researchers tested with Google Pixel2/Pixel3 and didn’t test with all the phones, “results of our tests indicate that unpatched phones running on Qualcomm Snapdragon 835,845 may be vulnerable.”
CVE-2019-10539(Compromise WLAN Issue) – Possible buffer overflow vulnerability in the WiFi firmware, due to lack of length check while parsing the extended cap IE header length.
CVE-2019-10540 (WLAN into Modem issue) – Buffer overflow vulnerability that affects Qualcomm WLAN and the vulnerability is due to lack of check of the count value received in NAN availability attribute.
Attackers can exploit the vulnerability by sending maliciously crafted packet over air, according to Qualcomm report the vulnerability affects other chipsets that includes, IPQ8074, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS404, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712, SD 710, SD 670, SD 730, SD 820, SD 835, SD 845, SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, and SXR1130.
CVE-2019-10538 (Modem into Linux Kernel issue) – The vulnerability relies on the Qualcomm Linux kernel component for Android, an attacker could exploit the vulnerability to overwrite the Linux kernel for Android.
The vulnerabilities were discovered in February and the researchers reported the details to Google and Qualcomm. In June Qualcomm issued fixes and notified OEMs. Google issued patches for the vulnerability with the August security update.
Users are recommended to update with the latest security updates that rolled out August 5, 2019, that address both of the bugs.
The full details of the bug were and the exploitation steps were not yet disclosed, according to Tencent there is no public full exploit code available.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.
VMware Security Vulnerabilities Leads to Code Execution and Cause DoS Condition
Vulnerability in Apple iMessage Let Hackers Remotely Read Files in iPhone – PoC Released
Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…
The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…
A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…
Meta has announced the removal of over 2 million accounts connected to malicious activities, including…
Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…
A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…