QualPWN Vulnerabilities Issued

JacobgacsJacobgacs United StatesPosts: 3

Qualcomm's Snapdragon Chipsets have a critical security flaw. They essentially allow a hacker to take control of your device remotely OTA (over the air- via wifi or cellular). Here they are, as listed at https://www.zdnet.com/article/qualpwn-vulnerabilities-in-qualcomm-chips-let-hackers-compromise-android-devices/ -

CVE-2019-10538 - a buffer overflow that impacts the Qualcomm WLAN component and the Android Kernel. Can be exploited by sending specially-crafted packets to a device's WLAN interface, which allows the attacker to run code with kernel privileges.

CVE-2019-10540 - a buffer overflow in the Qualcomm WLAN and modem firmware that ships with Qualcomm chips. Can be exploited by sending specially-crafted packets to an Android's device modem. This allows for code execution on the device.

The Snapdragon 435 MSM8940 is specifically listed in the vulnerability's impacted chips. It would be great if we could update this awesome phone to Android Pie and include the patch to this. If not Pie, then at least 8.1.0 with the patch included. This phone, specwise, can run Android Pie since a Snapdragon 435-powered Motorola Moto E6 is running Pie. Just saying...

Sign In or Register to comment.