InfoSecBulletin Cybersecurity for mankind
Qualcomm’s October 2024 Security Bulletin reveals critical vulnerabilities in several chipsets, including the popular Snapdragon mobile platforms and FastConnect solutions. These issues impact various system components like WLAN, DSP, and graphics, posing serious security risks to users globally.
CVE-2024-43047 (CVSS 7.8) is a vulnerability identified by Google’s Threat Analysis Group (TAG) as possibly being exploited in a limited, targeted manner.
Chrome 130 Launches with Patches for 17 Security Vulnerabilities
Researchers Break RSA Encryption with Quantum Computing
Shadowserver's data
87000+ Fortinet devices still open to attack?
Gmail Scam Alert
Billions of Gmail users at risk from sophisticated new AI hack
RansomHub Targets Bangladeshi Confidence Group
Hackers using ChatGPT create malware, OpenAI confirm
TrackMan exposes nearly 32 Million Records
CISA WARNS
CISA Warns of F5 BIG-IP Cookie Exploitation for Network Reconnaissance
CVE-2024-9164: GitLab Users Urged to Update Now
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Patches
“There are indications from Google Threat Analysis Group that CVE-2024-43047 may be under limited, targeted exploitation. Patches for the issue affecting FASTRPC driver have been made available to OEMs together with a strong recommendation to deploy the update on affected devices as soon as possible,” Qualcomm wrote in its security bulletin.
A serious vulnerability (CVE-2024-33066, CVSS 9.8) in the WLAN Resource Manager could let attackers remotely execute harmful code, risking a complete device takeover. This issue, caused by improper input validation, allows memory corruption by redirecting log files. Affected chipsets include Immersive Home Platforms, IPQ series, QCA series, and Snapdragon X65 5G Modem-RF systems.
A high-severity vulnerability (CVE-2024-23369) in the HLOS (Hardware Abstraction Layer Operating System) allows local attackers to exploit memory corruption by manipulating FRS/UDS buffers. This affects Snapdragon mobile platforms, FastConnect series, and QCA series.
The October bulletin discusses various vulnerabilities in open-source software, including a buffer over-read issue in WLAN Host Communication (CVE-2024-33064) that may lead to denial of service or sensitive information leaks.
Qualcomm urges OEMs to quickly apply necessary patches to protect users. Users should update their devices to the latest firmware and check with their manufacturers about patch status for their specific models.
