Latest news with #DaveSchefcik
Time of India
4 days ago
- Business
- Time of India
Qualcomm fixes 3 critical chip vulnerabilities exploited by hackers: List of chipsets affected
Qualcomm has announced that it has released patches for a series of vulnerabilities affecting dozens of its chips, including three zero-day flaws that the chipmaker says may be under active exploitation by hackers. Qualcomm cited Google's Threat Analysis Group (TAG), which focuses on government-backed cyberattacks, indicating that these three flaws 'may be under limited, targeted exploitation.' According to the information revealed by the company, the vulnerabilities were reported to Qualcomm by Google's Android security team in February. What it means for users Due to the open-source and distributed nature of Android, applying these patches for phones running on affected chipsets now falls to individual device manufacturers, such as Samsung, Xiaomi, Vivo, Oppo and more. This means some devices may remain vulnerable for several weeks, even though fixes are available. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like 夢の農場を作り上げよう アドベンチャーゲーム ゲームをプレイ Undo Qualcomm stated in its bulletin that patches were provided to device makers in May, with a strong recommendation for immediate deployment. As per TechCrunch, Qualcomm spokesperson Dave Schefcik acknowledged the fixes, urging "end users to apply security updates as they become available from device makers." Meanwhile, Google spokesperson Ed Fernandez confirmed that Google's Pixel devices are not affected by these specific Qualcomm vulnerabilities. Chipsets in mobile devices are frequent targets for zero-day exploit developers due to their broad access to the operating system. This allows attackers to potentially move to other sensitive data areas on the device. Zero-day vulnerabilities are unknown to the software or hardware maker at the time of discovery, making them valuable targets for cybercriminals and state-sponsored hackers. Scam Series: The "Meme Malware" WhatsApp Scam
India Today
4 days ago
- Business
- India Today
Qualcomm fixes multiple zero-day chip flaws after Google warns of active exploits by hackers
Chipmaker Qualcomm has rolled out security patches to fix three serious zero-day vulnerabilities affecting its Adreno GPU (graphics processing unit) driver, after Google warned that hackers were actively exploiting these flaws in targeted attacks. The issues came to light after Google's Threat Analysis Group (TAG) shared evidence that the vulnerabilities — tracked as CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038 — were being used in the wild. These flaws affect dozens of chipsets and could allow attackers to gain control of a device or install are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation,' Qualcomm said in a security advisory on first two vulnerabilities, CVE-2025-21479 and CVE-2025-21480, were reported to Qualcomm in January by Google's Android Security team. These issues are related to incorrect authorisation in the GPU's graphics framework, which can lead to memory corruption. The third flaw, CVE-2025-27038, was reported in March and is described as a use-after-free bug – a type of memory corruption that happens when a program continues to use memory after it has been freed. The third vulnerability is believed to be connected to the rendering process in Chrome when using Adreno GPU said it provided patches for all three vulnerabilities to original equipment manufacturers (OEMs) in May. The company says that the patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May together with a strong recommendation to deploy the update on affected devices as soon as the specific devices affected were not listed, Qualcomm advised users to contact their device makers for patch information. 'We encourage end users to apply security updates as they become available from device makers,' Qualcomm spokesperson Dave Schefcik said in a also confirmed that its Pixel line of smartphones were not affected by these vulnerabilities, a Google spokesperson told situation is more serious for some Android users, as Google's TAG team also discovered signs of spyware being used alongside these flaws. According to a report from Bleeping Computer, TAG found evidence that attackers used these vulnerabilities to install a spyware called NoviSpy, which can bypass Android's built-in security and gain deep access to a spyware was reportedly installed using a full exploit chain, which involves combining multiple bugs to bypass protections and gain control of the device at the kernel level, which is the deepest layer of the operating discovery adds to growing concerns about how sophisticated threat actors are finding ways to exploit hardware and software vulnerabilities for targeted the fixes now available, Qualcomm and Google are urging phone makers to push the patches to users as soon as possible to prevent further misuse of these security holes. Users, in turn, are advised to keep their devices updated and stay alert for software updates issued by their phone manufacturers.
