MemOK Security Platform Vulnerable to Memory Corruption

CVE-2024-43047

7.8HIGH

Key Information

Vendor: Qualcomm
Status: Snapdragon
Vendor: CVE Published:; 7 October 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

The first article discusses two zero-day vulnerabilities in Android that were actively exploited and fixed by Google in their November security updates. These vulnerabilities, tracked as CVE-2024-43047 and CVE-2024-43093, were found to be exploited in limited, targeted attacks. The CVE-2024-43047 vulnerability affected Qualcomm components within the Android kernel and was used in targeted spyware attacks. The second article highlights a severe hardware vulnerability in Samsung Galaxy phones related to the CVE-2024-43047 flaw, urging users to update their devices urgently. However, the update was not available at the time, leaving users with no choice but to continue using their vulnerable phones. The severity of these vulnerabilities could lead to unauthorized access, system compromise, and the potential spread of malware.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-43047 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.