Qualcomm chips flaws put billions mobile phones at risk, vendors advised to patch
Take action: It's not the first time that a chip in mobile phones is vulnerable to exploits. Unfortunately, you as users can't fix this issue. All you can do is be diligent with updating your phone OS and firmware as the updates from the vendor are released. But the vendor now has one more thing to patch, so don't ignore the updates.
Learn More
Qualcomm has issued warnings regarding three zero-day vulnerabilities found in its GPU and Compute DSP drivers, currently being exploited by hackers.
These alerts were based on information from Google’s Threat Analysis Group (TAG) and Project Zero teams, identifying the vulnerabilities as CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063.
Qualcomm has released security updates to fix these issues in its Adreno GPU and Compute DSP drivers, communicating this to affected Original Equipment Manufacturers (OEMs) for prompt implementation.
One significant flaw, CVE-2022-22071, categorized as high-severity, is a use-after-free bug affecting widely-used chips. However, details about the other actively exploited vulnerabilities are undisclosed, with further information expected in Qualcomm’s December 2023 security bulletin.
Additionally, Qualcomm's security bulletin highlighted three other critical vulnerabilities: CVE-2023-24855, CVE-2023-28540, and CVE-2023-33028, each with severe implications.
Qualcomm has addressed a total of 17 vulnerabilities, including three zero-day vulnerabilities, urging OEM manufacturers to apply patches promptly and stay vigilant to mitigate potential risks.
