Qualcomm releases raft of security patches, urges users to fix now

Qualcomm
Image credit: Shutterstock (Image credit: Shutterstock)

Qualcomm has released almost two dozen patches for different products, fixing, among other things, a vulnerability most likely being exploited by state-sponsored attackers.

The company's security advisory detailed 20 patches for vulnerabilities affecting different chipsets, including CVE-2024-43047, a high-severity (7.8 score) bug described as “memory corruption while maintaining memory maps of HLOS memory.”

The bug was said to be affecting Snapdragon 660 and above, 5G modems, and FastConnect 6700, 6800, 6900, and 7800 Wi-Fi/Bluetooth kits.

Multiple devices affected

Qualcomm stressed this bug had already been mentioned by Google’s Threat Analysis Group (TAG), the company’s security arm that usually analyzes zero-day vulnerabilities exploited by nation-states and other state-sponsored actors.

"There are indications from Google Threat Analysis Group that CVE-2024-43047 may be under limited, targeted exploitation," the advisory reads. "Patches for the issue affecting the FASTRPC driver have been made available to OEMs together with a strong recommendation to deploy the update on affected devices as soon as possible."

Another notable mention from the batch is the patch for CVE-2024-33066, a vulnerability described as “memory corruption while redirecting log file to any file location with any file name.” It carries a severity score of 9.8 and is deemed critical. However, there is no evidence of abuse in the wild just yet.

Being a major chip manufacturer, Qualcomm is often the target of cybercriminals. Roughly a year ago, Qualcomm found multiple flaws in the Ardeno GPU and Compute DSP drivers (again, after being tipped off by Google’s TAG), which were used in “limited, targeted exploitation”. In that case, as well, it was said that the vulnerabilities were most likely abused by state-sponsored actors in espionage and data exfiltration attacks.

In both cases, Qualcomm urged its customers to apply the available patches as soon as possible.

Via The Register

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
MediaTek
MediaTek reveals host of security vulnerabilities, so patch now
An image of network security icons for a network encircling a digital blue earth.
Industrial networks exposed to attack by faulty Moxa devices
Representational image of a cybercriminal
Microsoft just patched a host of worrying security issues, so update now
Security
Broadcom releases fixes for multiple VMware security flaws
Best free Linux firewalls
SonicWall tells admins to patch worrying SSLVPN flaw immediately
Best free Linux firewalls
Fortinet warns a critical vulnerability in its systems could let attackers breach company networks
Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
The Witcher 4
You're probably not playing The Witcher 4 until 2027 at the earliest, per CD Projekt's latest financial update
DeepSeek
DeepSeek’s new AI is smarter, faster, cheaper, and a real rival to OpenAI's models
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora