Qualcomm Firmware Vulnerabilities Expose 900 Million Devices (think smartphones) Quick Duck!


by Lucian Armasu August 9, 2016 at 10:10 AM - Source: Check Point

Security firm Check Point Software Technologies unveiled the second major set of Android vulnerabilities after “Stagefright” to affect the majority of Android devices.

The company uncovered a set of four vulnerabilities, called “QuadRooter,” which impacts all devices that are powered by Qualcomm chipsets. According to Check Point, any one of the four vulnerabilities allows an attacker to escalate privileges on Android devices and gain root access.

Check Point named some of the more popular devices affected by these vulnerabilities, including some devices that are more “security-focused”:

BlackBerry Priv
Blackphone 1 and Blackphone 2
Google Nexus 5X, Nexus 6 and Nexus 6P
HTC One, HTC M9 and HTC 10
LG G4, LG G5, and LG V10
New Moto X by Motorola
OnePlus One, OnePlus 2 and OnePlus 3
Samsung Galaxy S7 and Samsung S7 Edge
Sony Xperia Z Ultra

The security firm said that a malicious app could take advantage of these vulnerabilities without any special permissions being required. This means users wouldn’t suspect a thing when installing one of these malicious apps, as they would just consider them to be normal apps.


Updated, 8/09/2016, 10:45pm PT:

Qualcomm contacted Tom's Hardware with an official statement about this issue, saying it has already released a patch, which has already been published on CodeAurora ( https://www.codeaurora.org/invalid-path-check-ashmem-memory-... ). However, it will now still be up to smartphone makers and carriers to deliver this update to users, which likely won't happen for the majority of the affected devices.

Never argue with a pig. It makes you look foolish and it annoys the hell out of the pig!

Things like this are why you buy a Nexus device from Google

Anyone who didn't purchase a Nexus device will feel the bite on this one. Where my Nexus 6 has already had three of the four vulnerabilities patched - with the fourth incoming - virtually all other brands haven't yet introduced these patches and won't do so for some time yet. The delay will be even longer if the device was purchased from a carrier, since the carrier has to "test" the update. By "test", I mean "add bloatware to".

"Anyone who is capable of getting themselves made President should on no account be allowed to do the job." --Douglas Adams

Thanks strephon

Thank you for this since I have just bought a Google Nexus 5X.

New last week, it updated the operating system. Yesterday, it again updated the operating system. This must be the update we are talking about.

dobs108