Qualcomm has recently released security updates to address multiple vulnerabilities in various components [2] [3], including critical ones [1] [4]. Additionally, they have issued a warning about actively exploited zero-day vulnerabilities.
Description
Qualcomm has identified and addressed a total of 17 vulnerabilities in their components. Among these, three are classified as critical. They have also identified three zero-day vulnerabilities that are currently being actively exploited [1] [4]. The specific vulnerabilities that are being targeted include CVE-2023-33106, CVE-2023-33107 [1] [2] [4], CVE-2022-22071 [1] [4], and CVE-2023-33063 [1] [2] [4].
To address these vulnerabilities [1] [2] [3] [4], Qualcomm has made patches available for issues affecting Adreno GPU and Compute DSP drivers [3]. They have advised original equipment manufacturers (OEMs) to promptly deploy these updates. Additionally, Arm has released patches for a security flaw in the Mali GPU Kernel Driver (CVE-2023-4211) [1] [2] [3] [4], which is also being targeted [1] [3].
In their October 2023 updates, Qualcomm has addressed three critical issues, including memory corruption and a cryptographic issue [3]. Fortunately, there is currently no evidence of these critical issues being exploited in the wild.
Users are strongly advised to apply updates from their OEMs as soon as they become available. The specific details of these vulnerabilities will be disclosed in December 2023 [2].
Conclusion
The release of these security updates by Qualcomm is crucial in mitigating the risks posed by the identified vulnerabilities. By promptly deploying the patches, OEMs can ensure the protection of their devices and users. It is important for users to stay vigilant and apply the updates as soon as they are made available to safeguard against potential exploitation. Looking ahead, the disclosure of the specific vulnerability details in December 2023 will provide further insights and enable the development of more effective security measures.
References
[1] https://osintcorp.net/qualcomm-releases-patch-for-3-new-zero-days-under-active-exploitation/
[2] https://thehackernews.com/2023/10/qualcomm-releases-patch-for-3-new-zero.html
[3] https://vulners.com/thn/THN:B4CBF3EA109592B01398E063948C7F95
[4] https://flyytech.com/2023/10/03/qualcomm-releases-patch-for-3-new-zero-days-under-active-exploitation/
