Qualcomm Firmware Vulnerabilities Expose 900 Million Devices (think smartphones) Quick Duck!

by Lucian Armasu August 9, 2016 at 10:10 AM - Source: Check Point

Security firm Check Point Software Technologies unveiled the second major set of Android vulnerabilities after “Stagefright” to affect the majority of Android devices.

The company uncovered a set of four vulnerabilities, called “QuadRooter,” which impacts all devices that are powered by Qualcomm chipsets. According to Check Point, any one of the four vulnerabilities allows an attacker to escalate privileges on Android devices and gain root access.

Check Point named some of the more popular devices affected by these vulnerabilities, including some devices that are more “security-focused:”

BlackBerry Priv
Blackphone 1 and Blackphone 2
Google Nexus 5X, Nexus 6 and Nexus 6P
HTC One, HTC M9 and HTC 10
LG G4, LG G5, and LG V10
New Moto X by Motorola
OnePlus One, OnePlus 2 and OnePlus 3
Samsung Galaxy S7 and Samsung S7 Edge
Sony Xperia Z Ultra

The security firm said that a malicious app could take advantage of these vulnerabilities without any special permissions being required. This means users wouldn’t suspect a thing when installing one of these malicious apps, as they would just consider them to be normal apps.

http://www.tomshardware.com/news/quadrooter-qualcomm-android...

Note:
Updated, 8/09/2016, 10:45pm PT:

Qualcomm contacted Tom's Hardware with an official statement about this issue, saying it has already released a patch, which has already been published on CodeAurora ( https://www.codeaurora.org/invalid-path-check-ashmem-memory-... ). However, it will now still be up to smartphone makers and carriers to deliver this update to users, which likely won't happen for the majority of the affected devices