CarderPlanet
Professional
The company has released updates and notified suppliers about the danger.
Qualcomm warned about three zero-day vulnerabilities in the Adreno GPU and Compute DSP drivers, which hackers are actively using in attacks.
The warning comes after the Google TAG and Project Zero teams informed Qualcomm of possible limited and targeted exploitation of vulnerabilities identified as CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063. Qualcomm said it has released security updates addressing issues in the Adreno drivers. GPU and Compute DSP, and informed Original Equipment Suppliers (OEMs).
Vulnerability CVE-2022-22071 (CVSS: 8.4) was disclosed in May 2022 and is being exploited locally after release (Use-After-Free, UAF). The bug affects popular chips such as SD855, SD865 5G, and SD888 5G. The company did not provide details about the actively exploited vulnerabilities CVE-2023-33106, CVE-2022-22071 and CVE-2023-33063, but promised to provide more information in its security bulletin in December 2023. In addition, Qualcomm disclosed 13 high-risk vulnerabilities and three other critical vulnerabilities discovered by the company's engineers.
Unfortunately, there isn't much consumers can do other than apply the available updates as soon as they reach them through regular OEM channels. Usually, driver vulnerabilities require local access for exploitation, which is usually achieved through malware infection. Therefore, owners of Android devices are advised to limit the number of downloaded applications and download them only from reliable sources.
Qualcomm warned about three zero-day vulnerabilities in the Adreno GPU and Compute DSP drivers, which hackers are actively using in attacks.
The warning comes after the Google TAG and Project Zero teams informed Qualcomm of possible limited and targeted exploitation of vulnerabilities identified as CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063. Qualcomm said it has released security updates addressing issues in the Adreno drivers. GPU and Compute DSP, and informed Original Equipment Suppliers (OEMs).
Vulnerability CVE-2022-22071 (CVSS: 8.4) was disclosed in May 2022 and is being exploited locally after release (Use-After-Free, UAF). The bug affects popular chips such as SD855, SD865 5G, and SD888 5G. The company did not provide details about the actively exploited vulnerabilities CVE-2023-33106, CVE-2022-22071 and CVE-2023-33063, but promised to provide more information in its security bulletin in December 2023. In addition, Qualcomm disclosed 13 high-risk vulnerabilities and three other critical vulnerabilities discovered by the company's engineers.
Unfortunately, there isn't much consumers can do other than apply the available updates as soon as they reach them through regular OEM channels. Usually, driver vulnerabilities require local access for exploitation, which is usually achieved through malware infection. Therefore, owners of Android devices are advised to limit the number of downloaded applications and download them only from reliable sources.
