Topics
late
AI
Amazon
Image Credits:Bryce Durbin/TechCrunch
Apps
Biotech & Health
Climate
Image Credits:Bryce Durbin/TechCrunch
Cloud Computing
Commerce
Crypto
Enterprise
EVs
Fintech
Fundraising
gizmo
punt
Government & Policy
Hardware
layoff
Media & Entertainment
Meta
Microsoft
privateness
Robotics
surety
Social
quad
Startups
TikTok
expatriation
Venture
More from TechCrunch
Events
Startup Battlefield
StrictlyVC
Podcasts
TV
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
On Monday , chipmaker Qualcommconfirmedthat hackers exploited azero - day — meaning a security flaw that was unknown to the ironware maker when it was abused — in dozens of its chipsets receive in popular Android machine .
The zero - day exposure , officially designatedCVE-2024 - 43047 , “ may be under limited , targeted victimisation , ” allot to Qualcomm , cite unspecified “ indication ” from Google ’s Threat Analysis Group , the society ’s enquiry unit that investigates regime hacking threats . Amnesty International ’s Security Lab , which solve to protect civil guild from digital surveillance and spyware threat , confirm Google ’s assessment , Qualcomm said .
U.S. cybersecurity bureau CISA include the Qualcomm flawin its list of vulnerabilitiesthat are sleep with to be , or have been , exploited .
At this pointedness , there are n’t many point about who was exploiting this vulnerability “ in the natural state ” — mean that whoever was using the zero - Clarence Day was direct person in real whoop political campaign . It also is not yet experience which individuals were aim , or why .
Qualcomm ’s spokesperson Catherine Baker tell apart TechCrunch that the company commends “ the researchers from Google Project Zero and Amnesty International Security Lab for using coordinated revealing practice session , ” allowing the companionship to roll out hole for the vulnerability .
The chipmaker referred to Amnesty and Google for more inside information about the menace bodily function .
Amnesty voice Hajira Maryam told TechCrunch that the non-profit-making will have research about this vulnerability “ due to be out soon . ”
Join us at TechCrunch Sessions: AI
Exhibit at TechCrunch Sessions: AI
Google spokesperson Kimberly Samra said TAG has nothing to tot at the moment .
Qualcomm ’s spokesperson read that “ fix have been made available to our customers as of September 2024 . ” It ’s now up to Qualcomm ’s client — the Android twist Godhead that use the vulnerable chipsets — to release the patch to their customers ’ devices .
In its advisory , Qualcomm listed 64 dissimilar chipsets dissemble by this vulnerability , including the fellowship ’s flagship Snapdragon 8 ( Gen 1 ) mobile platform , which is used indozens of Android telephone , including some made by Motorola , Samsung , OnePlus , Oppo , Xiaomi , and ZTE — meaning millions of users around the world are potentially vulnerable .
That being say , the fact that Google and Amnesty are investigating the consumption of this zero - day under “ modified , targeted exploitation ” evoke the hack military campaign was in all probability used against specific individuals , rather than a orotund bit of object .
Brian Heater add reporting .
UPDATE , October 9 , 1:07 p.m. ET : This story was update to let in Amnesty ’s input .
