Qualcomm Announces a New Release of Patches
Patches To Cover Two Dozen Vulnerabilities
U.S. chip giant Qualcomm has announced the release of patches for over two dozen vulnerabilities found in its products. These patches address three zero-day vulnerabilities that were reported to the company by Google's cybersecurity units.
The vulnerabilities tracked as CVE-2023-33106, CVE-2023-33107, CVE-2023-33063, and CVE-2022-22071 were identified as potentially under limited, targeted exploitation. However, it is worth noting that CVE-2022-22071 was previously patched by Qualcomm in May.
While details about the attacks exploiting these vulnerabilities have not been shared, the fact that they were reported by Google suggests that they may have been targeted by commercial spyware vendors. Google's Threat Analysis Group and Google Project Zero have investigated various exploit chains linked to spyware vendors in recent years, with threat actors leveraging these exploits to deliver spyware to Android and iOS devices that utilize Qualcomm chips.
Qualcomm's recently announced patches also address a majority of other vulnerabilities of critical and high severity, although these were internally discovered by the company.
The impacted areas primarily include modems, WLAN firmware, and automotive products, with the vulnerabilities described as memory bugs and information disclosure issues. Memory bugs can potentially result in arbitrary code execution or denial of service (DoS) attacks.
In a related development, Google has released Android security updates that patch two zero-day vulnerabilities, one of which is CVE-2023-4211. This particular bug affects the Arm Mali GPU driver and has been a target in attacks delivering spyware.
The release of these patches by Qualcomm and Google highlights the ongoing efforts made by technology companies to address vulnerabilities and protect users from potential threats.
By promptly addressing these issues, companies can mitigate the risk of exploitation by threat actors and ensure the security and privacy of their customers.
As technology continues to advance, companies must prioritize cybersecurity and collaborate with industry experts to identify and address vulnerabilities effectively. By doing so, they can stay one step ahead of cybercriminals and safeguard the integrity of their products and services.