Phone chipmaker Qualcomm fixes three zero-days exploited by hackers

Qualcomm has released patches to address several vulnerabilities in its chips, including three zero-day flaws that may be actively exploited in hacking campaigns. These vulnerabilities were reported to Qualcomm by Google's Android security team in February. Zero-days are particularly valuable to cybercriminals and government hackers because they are unknown to the software or hardware maker at the time of discovery. Although Qualcomm has provided patches to device manufacturers, the open-source nature of Android means that some devices may remain vulnerable until the patches are applied.

Google's Pixel devices are reportedly not affected by these vulnerabilities. Qualcomm has urged device makers to deploy the updates promptly. The vulnerabilities highlight the frequent targeting of chipsets in mobile devices by hackers, as these chips have extensive access to the operating system, potentially allowing hackers to access sensitive data. In recent months, there have been instances of exploitation involving Qualcomm chipsets, including a case identified by Amnesty International where a zero-day was used by Serbian authorities.

Key takeaways

Qualcomm released patches for vulnerabilities in its chips, including three zero-days potentially used in hacking campaigns.
Google's TAG reported the zero-days to Qualcomm, and device manufacturers must now apply the patches.
Google's Pixel devices are not affected by these vulnerabilities.
Qualcomm chipsets are frequent targets for hackers due to their wide access to the operating system.

Phone chipmaker Qualcomm fixes three zero-days exploited by hackers | TechCrunch

Key takeaways

Discussion (0)