InfoSecBulletin Cybersecurity for mankind
Qualcomm’s October 2024 Security Bulletin reveals critical vulnerabilities in several chipsets, including the popular Snapdragon mobile platforms and FastConnect solutions. These issues impact various system components like WLAN, DSP, and graphics, posing serious security risks to users globally.
CVE-2024-43047 (CVSS 7.8) is a vulnerability identified by Google’s Threat Analysis Group (TAG) as possibly being exploited in a limited, targeted manner.
WhatsApp banned on all US House of Representatives devices
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
“There are indications from Google Threat Analysis Group that CVE-2024-43047 may be under limited, targeted exploitation. Patches for the issue affecting FASTRPC driver have been made available to OEMs together with a strong recommendation to deploy the update on affected devices as soon as possible,” Qualcomm wrote in its security bulletin.
A serious vulnerability (CVE-2024-33066, CVSS 9.8) in the WLAN Resource Manager could let attackers remotely execute harmful code, risking a complete device takeover. This issue, caused by improper input validation, allows memory corruption by redirecting log files. Affected chipsets include Immersive Home Platforms, IPQ series, QCA series, and Snapdragon X65 5G Modem-RF systems.
A high-severity vulnerability (CVE-2024-23369) in the HLOS (Hardware Abstraction Layer Operating System) allows local attackers to exploit memory corruption by manipulating FRS/UDS buffers. This affects Snapdragon mobile platforms, FastConnect series, and QCA series.
The October bulletin discusses various vulnerabilities in open-source software, including a buffer over-read issue in WLAN Host Communication (CVE-2024-33064) that may lead to denial of service or sensitive information leaks.
Qualcomm urges OEMs to quickly apply necessary patches to protect users. Users should update their devices to the latest firmware and check with their manufacturers about patch status for their specific models.
