Qualcomm has said that hackers have exploited a zero-day security flaw in dozens of its chipsets found in popular Android devices, however, the impact may be limited. Google’s Threat Analysis Group indicated this vulnerability, and Amnesty International’s Security Lab confirmed it, as per a report.
The zero-day – a type of vulnerability that’s unknown to the hardware maker when it was abused – “may be under limited, targeted exploitation,” Qualcomm said, citing unspecified “indications” from Google’s Threat Analysis Group.The flaws have been fixed.
According to a report by TechCrunch, US cybersecurity agency CISA included the Qualcomm flaw in its list of vulnerabilities that are known to be, or have been, exploited. It added that the details are scarce, but it’s confirmed that this vulnerability was used in real-world attacks, though the specific targets and motives remain unknown.
What Qualcomm has to say
Qualcomm’s spokesperson Catherine Baker told the publication that the company commends “the researchers from Google Project Zero and Amnesty International Security Lab for using coordinated disclosure practices,” allowing the company to roll out fixes for the vulnerability.
Qualcomm has listed 64 different chipsets affected by this vulnerability, including the company’s flagship Snapdragon 8 Gen 1 chipset, which is used in dozens of Android phones, including some made by Motorola, OnePlus, Oppo and Xiaomi, among others — which means that millions of users around the world are potentially vulnerable.
Qualcomm’s spokesperson said that “fixes have been made available to our customers as of September 2024,” and that it is now up to Android smartphone makers to release the patch to their customers’ devices.
