Latest Cyber Security News

You are here: Home / General Cyber Security News / Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation
October 3, 2023

Chipmaker Qualcomm has launched security updates to address 17 vulnerabilities in numerous factors, even though warning that 3 other zero-times have arrive beneath active exploitation.

Of the 17 flaws, three are rated Critical, 13 are rated Large, and 1 is rated Medium in severity.

“There are indications from Google Threat Assessment Group and Google Task Zero that CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063 might be less than limited, specific exploitation,” the semiconductor organization said in an advisory.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“Patches for the issues affecting Adreno GPU and Compute DSP drivers have been built out there, and OEMs have been notified with a potent suggestion to deploy security updates as shortly as possible.”

CVE-2022-22071 (CVSS rating: 8.4), described as a use-right after-absolutely free in Automotive OS Platform, was originally patched by the firm as part of its May perhaps 2022 updates.

Cybersecurity

Even though supplemental particulars about the remaining other flaws are predicted to be made general public in December 2023, the disclosure will come the identical working day Arm shipped patches for a security flaw in the Mali GPU Kernel Driver (CVE-2023-4211) that has also occur less than confined, focused exploitation.

Qualcomm’s Oct 2023 updates also handle a few critical issues, although there is no evidence that they have been abused in the wild –

  • CVE-2023-24855 (CVSS score: 9.8) – Memory corruption in Modem even though processing security connected configuration right before AS Security Trade.
  • CVE-2023-28540 (CVSS rating: 9.1) – Cryptographic issue in Facts Modem because of to poor authentication through TLS handshake.
  • CVE-2023-33028 (CVSS rating: 9.8) – Memory corruption in WLAN Firmware while executing a memory duplicate of pmk cache.

Customers are recommended to utilize updates from primary tools brands (OEMs) as before long as they turn into obtainable.

Observed this posting attention-grabbing? Adhere to us on Twitter  and LinkedIn to go through extra special material we submit.


Some parts of this report are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *