Thread Contributor: TheEvilSocksMajor security flaw in Qualcomm chip exposes 900M android users
Four previously undisclosed security vulnerabilities found in Android phones and tablets that ship with Qualcomm chips could let a hacker take full control of an affected device.
Almost a billion Android devices are affected by the "high" risk privilege escalation vulnerabilities, dubbed "Quadrooter," say researchers at security firm Check Point.
Vulnerable phones include the Samsung Galaxy S7, Moto Z, HTC 10, LG G5, OnePlus 3, Nexus 6P, and many other high-end devices. CheckPoint contends that about 900 million Android devices are vulnerable to the flaws on some level. Although, it’s not clear how it arrived at that number. While Qualcomm chips are the most common, there are phones on the market that run other types of SoCs. For example, budget phones with MediaTek chips and Samsung devices that run Exynos.
Qualcomm has already made the necessary changes on its end, but the problem here is the fragmentation. People have been wringing their hands about Android fragmentation for years, but it’s hardly a doom and gloom scenario anymore. Three of the four vulnerabilities have been patched as of the August security update level, and the last one should be included in next month’s patch. That means Nexus devices are safe. Samsung also tends to get security patches out to its phones in a timely manner. Everything else is going to be delayed at least a few months as OEMs and carriers build and test the updates. Many phones shipping now are still running security patches from early this summer, which don’t block the QuadRooter exploits.

As much as I hate Checkpoint's products, their research team did a nice write-up on this that's formatted excellently.

I've mirrored it on the Internet Archive. It's 1MB, and well worth a read.


Forum Jump:

Users browsing this thread: 1 Guest(s)