Qualcomm Confirms Zero-Day Exploit in Popular Android Devices - CVE-2024-43047
In a recent development, chipmaker Qualcomm has confirmed that hackers exploited a zero-day vulnerability in dozens of its chipsets found in popular Android devices. This zero-day vulnerability, officially designated CVE-2024-43047, has been under limited, targeted exploitation according to Qualcomm, citing information from Google’s Threat Analysis Group and Amnesty International’s Security Lab.
The U.S. cybersecurity agency CISA has also included the Qualcomm flaw in its list of known exploited vulnerabilities. While details about the exploitation are still scarce, it is believed to have targeted specific individuals in real hacking campaigns.
Qualcomm has already rolled out fixes for the vulnerability, commending the researchers from Google Project Zero and Amnesty International Security Lab for their coordinated disclosure practices. The company has made the fixes available to customers as of September 2024, leaving it up to Android device makers to release the patch to their customers’ devices.
64 different chipsets, including Qualcomm’s flagship Snapdragon 8 (Gen 1) mobile platform, are affected by this vulnerability, potentially impacting millions of users worldwide. However, the investigation into the limited, targeted exploitation of this zero-day suggests that the hacking campaign was aimed at specific individuals rather than a widespread attack.
In conclusion, this zero-day exploit highlights the importance of timely security updates and patches for devices to protect against potential vulnerabilities. It serves as a reminder for individuals and businesses to stay vigilant and ensure their devices are up to date with the latest security measures to safeguard their data and privacy.