Android chipmaker Qualcomm fixes three zero-days exploited by hackers

Qualcomm has released patches to address multiple vulnerabilities in its chips, including three zero-day flaws that may be actively exploited in targeted hacking campaigns. These vulnerabilities were reported to Qualcomm by Google’s Android security team in February, and the patches were made available to device manufacturers in May. However, due to the open-source nature of Android, it is now up to the manufacturers to implement these patches, which means some devices may remain vulnerable for weeks. Google confirmed that its Pixel devices are not affected by these vulnerabilities.

Qualcomm emphasized the importance of applying security updates promptly, as chipsets in mobile devices are frequent targets for hackers due to their access to the operating system. Recent cases have shown exploitation of Qualcomm chipsets, including a zero-day used by Serbian authorities. Qualcomm encourages users to update their devices as soon as manufacturers release the patches.

Key takeaways

Qualcomm released patches for vulnerabilities in dozens of chips, including three zero-days potentially used in hacking campaigns.
Google's TAG reported the three zero-days to Qualcomm, which may be under limited, targeted exploitation.
Device manufacturers need to apply Qualcomm's patches, meaning some devices may remain vulnerable for weeks.
Google's Pixel devices are not affected by these Qualcomm vulnerabilities.

Android chipmaker Qualcomm fixes three zero-days exploited by hackers | TechCrunch

Key takeaways

Discussion (0)