MemOK Security Platform Vulnerable to Memory Corruption
CVE-2024-43047

7.8HIGH

Key Information:

Vendor: Qualcomm
Status: Snapdragon
Vendor: CVE Published:; 7 October 2024

Badges

👾 Exploit Exists🦅 CISA Reported📰 News Worthy

Summary

The first article discusses two zero-day vulnerabilities in Android that were actively exploited and fixed by Google in their November security updates. These vulnerabilities, tracked as CVE-2024-43047 and CVE-2024-43093, were found to be exploited in limited, targeted attacks. The CVE-2024-43047 vulnerability affected Qualcomm components within the Android kernel and was used in targeted spyware attacks. The second article highlights a severe hardware vulnerability in Samsung Galaxy phones related to the CVE-2024-43047 flaw, urging users to update their devices urgently. However, the update was not available at the time, leaving users with no choice but to continue using their vulnerable phones. The severity of these vulnerabilities could lead to unauthorized access, system compromise, and the potential spread of malware.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Affected Version(s)

Snapdragon Snapdragon Auto FastConnect 6700

Snapdragon Snapdragon Auto FastConnect 6800

Snapdragon Snapdragon Auto FastConnect 6900

News Articles

BleepingComputer

CVE-2024-49848 CVE-2024-43047

New Android NoviSpy spyware linked to Qualcomm zero-day bugs

The Serbian government exploited Qualcomm zero-days to unlock and infect Android devices with a new spyware named 'NoviSpy,' used to spy on activists, journalists, and protestors.

1 month ago