Qualcomm’s System Being Actively Exploited by Hackers Using Three New Zero-Days

Morgan Phisher November 10, 2023

Hey there, Bay Area friend! Have you heard about Google’s Project Zero team? They’ve been diligently uncovering vulnerabilities and getting the word out to keep us all securely connected. Lately, they’ve had their hands full with some issues related to Qualcomm’s technology. Here’s the scoop!

Recently, the Google Threat Analysis Group discovered three new zero-days. Quite a startling way to start a day, don’t you agree? These are identified as CVE-2023-33106, CVE-2023-33107, and CVE-2023-33063. They found that, along with these vulnerabilities, threat actors also exploited CVE-2022-22071.

You might recollect that Qualcomm addressed CVE-2022-22071 in their security bulletin back in May 2022. It relates to something in their Snapdragon processors. The good news is that Qualcomm is on top of these things, so they addressed it promptly once they were notified.

Then comes October 2023, and Qualcomm published a new security bulletin. This notice isn’t just a one-pager, folks; it’s got a whole list of vulnerabilities ranging in severity from Critical to High and Medium. I tell you, it’s like a rollercoaster ride over at Qualcomm!

Diving into the nitty-gritty, there are three critical vulnerabilities, with 13 tagged as high severity. Let’s take a quick look at the critical ones.

First up, we have CVE-2023-24855 – a nasty memory corruption vulnerability in the Modem. Second is CVE-2023-28540 – this one involves a cryptographic issue in the Data Modem. Last but not least, we have CVE-2023-33028 – this is linked to a memory corruption vulnerability in the WLAN Firmware.

The scariest part? These issues can be remotely exploited. But hang tight, there’s a silver lining. There’s zilch evidence to suggest these vulnerabilities are being exploited by the baddies in the wild.

Now, let’s tie it all up. Qualcomm has detailed these vulnerabilities aplenty in their comprehensive security bulletin. This is not to spook any users, but rather for awareness and prompt action.

But don’t panic just yet. You see, Qualcomm’s a good sport and is prompt at providing firmware updates. To stay safe, it’s recommended to keep your software up to date. Just like taking your multivitamins, yeah?

In a nutshell, the cyber world can definitely be a hairy place, but there are always folks out there looking out for us. We’ve got the big league players like Google and Qualcomm, who are not just uncovering vulnerabilities but also working tirelessly to neutralise them. All we can do, friend, is keep our tech updated and our vigilance level high. Stay safe out there!

by Morgan Phisher | HEAL Security