Chipmaker Qualcomm has produced a lot more information and facts about three large-severity security flaws that it reported came beneath “restricted, targeted exploitation” again in October 2023.
The vulnerabilities are as follows –
CVE-2023-33063 (CVSS rating: 7.8) – Memory corruption in DSP Solutions during a distant connect with from HLOS to DSP.
CVE-2023-33106 (CVSS score: 8.4) – Memory corruption in Graphics when publishing a big checklist of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
CVE-2023-33107 (CVSS score: 8.4) – Memory corruption in Graphics Linux though assigning shared virtual memory region through IOCTL connect with.
Google’s Threat Investigation Team and Google Task Zero disclosed back in Oct 2023 that the three flaws, alongside with CVE-2022-22071 (CVSS score: 8.4), have been exploited in the wild as portion of restricted, specific attacks.
A security researcher named luckyrb, the Google Android Security team, and TAG researcher Benoît Sevens and Jann Horn of Google Challenge Zero have been credited with reporting the security vulnerabilities, respectively.
It’s at present not known how these shortcomings have been weaponized, and who are guiding the attacks.
The improvement, having said that, has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to incorporate the four bugs to its Regarded Exploited Vulnerabilities (KEV) catalog, urging federal agencies to implement the patches by December 26, 2023.
It also follows Google’s announcement that the December 2023 security updates for Android deal with 85 flaws, like a critical issue in the Program ingredient tracked as CVE-2023-40088 that “could lead to remote (proximal/adjacent) code execution with no more execution privileges required” and with out any consumer conversation.
Uncovered this write-up interesting? Abide by us on Twitter and LinkedIn to study more unique content material we submit.
Some components of this article are sourced from: