6mo ago

Qualcomm patches high-severity zero-day exploited in attacks

www.bleepingcomputer.com

Just a moment...

cross-posted from: https://infosec.pub/post/18563178

Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. [...]

Pulse of Truth @infosec.pub

Resident Pulser @infosec.pub

BOT

6mo ago

Qualcomm patches high-severity zero-day exploited in attacks

www.bleepingcomputer.com /news/security/qualcomm-patches-high-severity-zero-day-exploited-in-attacks/

4 comments

If only Android was based on mainline Linux! Who am I joking, cost is way more important than security.
Serious question though, can this be exploited via web assembly? Also is Lineage OS shipping patches? I know many devices have been abandoned by the vendors so it is entirely possible this will go unpatched in older devices
- Also is Lineage OS shipping patches? I know many devices have been abandoned by the vendors so it is entirely possible this will go unpatched in older devices
  This is a vulnerability in a proprietary Qualcomm's DSP. The patch will only be made available to OEMs. LineageOS cannot patch this vulnerability if the device itself is no longer receiving official updates.
  
  how and when is the DSP used, though?
  and what kind of code can take advantage of this? apps? javascript in browser apps? or a non-app system process with a specific privilege?