Chipmaker Qualcomm has released more information about three high-severity security flaws that it said came under “limited, targeted exploitation” back in October 2023.
The vulnerabilities are as follows –
- CVE-2023-33063 (CVSS score: 7.8) – Memory corruption in DSP Services during a remote call from HLOS to DSP.
- CVE-2023-33106 (CVSS score: 8.4) – Memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
- CVE-2023-33107 (CVSS score: 8.4) – Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
Google’s Threat Analysis Group and Google Project Zero revealed back in October 2023 that the three flaws, along with CVE-2022-22071 (CVSS score: 8.4), have been exploited in the wild as part of limited, targeted attacks.
A security researcher named luckyrb, the Google Android Security team, and TAG researcher Benoît Sevens and Jann Horn of Google Project Zero have been credited with reporting the security vulnerabilities, respectively.
It is currently not known how these shortcomings have been weaponized, or who is behind the attacks.
The development, however, has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the four bugs to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to apply the patches by December 26, 2023.
It also follows Google’s announcement that the December 2023 security updates for Android address 85 flaws, including a critical issue in the System component tracked as CVE-2023-40088 that “could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed” and without any user interaction.
Some parts of this article are sourced from:
thehackernews.com