Latest Cyber Security News

You are here: Home / General Cyber Security News / Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation
October 3, 2023

Chipmaker Qualcomm has launched security updates to address 17 vulnerabilities in numerous factors, even though warning that 3 other zero-times have arrive beneath active exploitation.

Of the 17 flaws, three are rated Critical, 13 are rated Large, and 1 is rated Medium in severity.

“There are indications from Google Threat Assessment Group and Google Task Zero that CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063 might be less than limited, specific exploitation,” the semiconductor organization said in an advisory.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


“Patches for the issues affecting Adreno GPU and Compute DSP drivers have been built out there, and OEMs have been notified with a potent suggestion to deploy security updates as shortly as possible.”

CVE-2022-22071 (CVSS rating: 8.4), described as a use-right after-absolutely free in Automotive OS Platform, was originally patched by the firm as part of its May perhaps 2022 updates.

Cybersecurity

Even though supplemental particulars about the remaining other flaws are predicted to be made general public in December 2023, the disclosure will come the identical working day Arm shipped patches for a security flaw in the Mali GPU Kernel Driver (CVE-2023-4211) that has also occur less than confined, focused exploitation.

Qualcomm’s Oct 2023 updates also handle a few critical issues, although there is no evidence that they have been abused in the wild –

  • CVE-2023-24855 (CVSS score: 9.8) – Memory corruption in Modem even though processing security connected configuration right before AS Security Trade.
  • CVE-2023-28540 (CVSS rating: 9.1) – Cryptographic issue in Facts Modem because of to poor authentication through TLS handshake.
  • CVE-2023-33028 (CVSS rating: 9.8) – Memory corruption in WLAN Firmware while executing a memory duplicate of pmk cache.

Customers are recommended to utilize updates from primary tools brands (OEMs) as before long as they turn into obtainable.

Observed this posting attention-grabbing? Adhere to us on Twitter  and LinkedIn to go through extra special material we submit.


Some parts of this report are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *