Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Cyber Security

    Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation

    justmattgBy justmattgOctober 3, 2023No Comments2 Mins Read

    [ad_1]

    Oct 03, 2023THNZero Day / Vulnerability

    Qualcomm

    Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation.

    Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity.

    “There are indications from Google Threat Analysis Group and Google Project Zero that CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063 may be under limited, targeted exploitation,” the semiconductor company said in an advisory.

    “Patches for the issues affecting Adreno GPU and Compute DSP drivers have been made available, and OEMs have been notified with a strong recommendation to deploy security updates as soon as possible.”

    CVE-2022-22071 (CVSS score: 8.4), described as a use-after-free in Automotive OS Platform, was originally patched by the company as part of its May 2022 updates.

    Cybersecurity

    While additional specifics about the remaining other flaws are expected to be made public in December 2023, the disclosure comes the same day Arm shipped patches for a security flaw in the Mali GPU Kernel Driver (CVE-2023-4211) that has also come under limited, targeted exploitation.

    Qualcomm’s October 2023 updates also address three critical issues, although there is no evidence that they have been abused in the wild –

    • CVE-2023-24855 (CVSS score: 9.8) – Memory corruption in Modem while processing security related configuration before AS Security Exchange.
    • CVE-2023-28540 (CVSS score: 9.1) – Cryptographic issue in Data Modem due to improper authentication during TLS handshake.
    • CVE-2023-33028 (CVSS score: 9.8) – Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.

    Users are advised to apply updates from original equipment manufacturers (OEMs) as soon as they become available.

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.



    [ad_2]

    Source link

    Previous ArticleName That Edge Toon: Office Artifacts
    Next Article Russian Hacktivism Takes a Toll on Organizations in Ukraine, EU, US
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑