Qualcomm has released an update to address an actively exploited zero-day vulnerability impacting dozens of its chipsets used by mobile devices running Android OS.
The flaw, designated CVE-2024-43047, is a use-after-free bug in the Digital Signal Processor (DSP) service that could allow a threat actor with local access and low privileges to corrupt memory.
Qualcomm has advised that CVE-2024-43047 may be under limited, targeted exploitation. While the full scope of CVE-2024-43047’s exploitation is presently unknown, historically these types of vulnerabilities are weaponized as part of spyware attacks targeting specific high-risk individuals, such as journalists, dissidents, and opposition politicians.
Source: Bleeping Computer
Analysis
Qualcomm chipsets are found in laptops, tablets, and mobile phones manufactured by dozens, if not hundreds, of different companies including Samsung, Sony, and Google. This provides threat actors looking to exploit CVE-2024-43047 with a huge attack surface.
However, the threat of CVE-2024-43047 is mitigated by the fact that threat actors need local access to the device to exploit it. This means a threat actor would have to physically steal the device, exploit CVE-2024-43047 to install malware, and then return the device to its owner.
Given that this type of operation requires great planning and understanding of the target’s behaviour, they are usually only conducted by law enforcement or intelligence agencies against select individuals. Thus, the exploitation of CVE-2024-43047 is unlikely to impact the average user.
Mitigation
Field Effect’s Security Intelligence professionals constantly monitor the cyber threat landscape for vulnerabilities discovered in hardware like Qualcomm. Field Effect MDR users are automatically notified if vulnerable hardware is detected in their environment and encouraged to review these AROs as quickly as possible via the Field Effect Portal.
Field Effect recommends that impacted users of devices with Qualcomm chipsets update to the latest version of the relevant operating system. Furthermore, users should enable automatic updates to ensure their device is secure from the latest threats and vulnerabilities as soon as patches become available.
Related Articles
