News

Android devices with Qualcomm chips contain serious vulnerability

By admin
Spread the love

A security company has found four serious vulnerabilities in Qualcomm’s drivers for Android that allow a malicious app to take over a device. There is no patch for one of the four vulnerabilities yet.

Security firm Check Point has dubbed the bundle of vulnerabilities QuadRooter and presented details about it at the Def Con conference Sunday. The company has released an Android app that allows users to check if their device is vulnerable.

According to the company, “hundreds of millions” of devices are at risk, including recent smartphones. The vulnerabilities are contained in the driver for Qualcomm chipsets and can be exploited by developing a malicious app that allows an attacker with elevated privileges to access devices and completely take over those systems. Such an app does not require any special permission to exploit the vulnerabilities.

The components that are vulnerable include the ipc_router, which handles communication between Qualcomm components, and ashmem, Android’s memory allocation subsystem. In addition, there are exploitable flaws in the gpu kernel drivers kgsl and kgls_sync.

Check Point warned Qualcomm in April, after which the manufacturer developed and released patches for device manufacturers. Three of the four issues have been resolved with the latest security update from Google, which at least eliminates the risk for Nexus devices. Many manufacturers base their security updates on those of Google, so that updates are now available for many other devices.

No patch is yet available for the fourth vulnerability. Google will publish it in September. Since Qualcomm itself has released the code to manufacturers, it is possible that they develop patches themselves, but this is not certain. Check Point has criticized the unclear security update policy regarding Android. This has been criticized for some time, partly because of the serious Stagefright vulnerability. Stagefright prompted Google to start the monthly patch round. Samsung, LG and Sony, among others, are trying to bring those updates to users as quickly as possible.

You might also like
Games

PlayStation has asked that all Gaming Heads merchandise be destroyed. Now your…

News

Rumor: Apple is working on its own applications based on a large language model

News

Blizzard will release certain games via Steam, starting with Overwatch 2

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses