Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.
The flaw, identified as CVE-2024-43047, is a use-after-free vulnerability resulting from memory corruption in the DSP Services while maintaining memory maps of HLOS memory.
Google’s Threat Analysis Group has flagged this vulnerability under limited, targeted exploitation.
Qualcomm Technologies, Inc. (QTI) has responded by issuing a security bulletin to assist its customers in incorporating necessary security updates into launched or upcoming devices.
Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free
The bulletin details the security issues addressed in QTI’s proprietary code and provides links to publicly available code where these issues have been resolved.
In response to the threat posed by CVE-2024-43047, patches for the affected FASTRPC driver have been made available to Original Equipment Manufacturers (OEMs).
Qualcomm strongly recommends deploying these updates on affected devices as soon as possible to mitigate potential risks.
Users are advised to contact their device manufacturers for specific information on their devices’ patch status.
While there is currently no evidence linking this vulnerability to ransomware campaigns, the potential for misuse remains significant.
Experts urge users to apply remediations or mitigations according to vendor instructions. If such measures are unavailable, discontinuing the affected product is recommended.
This incident underscores the importance of timely security updates and vigilance among manufacturers and users in safeguarding against emerging cyber threats.
As hackers continue to exploit vulnerabilities in widely used technologies, proactive measures remain essential to protect sensitive data and maintain device integrity.
Upgrade Your Cybersecurity Skills With 100+ Premium Cyber Security Courses Online - Enroll Here
Best DNS Management Tools play a crucial role in efficiently managing domain names and their…
Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS environments…
Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling them…
SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases from…
In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting abuse…
The Metasploit Framework, a widely used open-source penetration testing tool maintained by Rapid7, has introduced…