Qualcomm fixes 3 critical chip vulnerabilities exploited by hackers: List of chipsets affected

Qualcomm

has announced that it has released patches for a series of vulnerabilities affecting dozens of its chips, including three zero-day flaws that the chipmaker says may be under active exploitation by hackers. Qualcomm cited Google’s Threat Analysis Group (TAG), which focuses on government-backed cyberattacks, indicating that these three flaws “may be under limited, targeted exploitation.”According to the information revealed by the company, the vulnerabilities were reported to Qualcomm by Google's

Android security

team in February.

What it means for users

Due to the open-source and distributed nature of Android, applying these patches for phones running on affected chipsets now falls to individual device manufacturers, such as Samsung, Xiaomi, Vivo, Oppo and more. This means some devices may remain vulnerable for several weeks, even though fixes are available.

Qualcomm stated in its bulletin that patches were provided to device makers in May, with a strong recommendation for immediate deployment.As per TechCrunch, Qualcomm spokesperson Dave Schefcik acknowledged the fixes, urging "end users to apply security updates as they become available from device makers."Meanwhile, Google spokesperson Ed Fernandez confirmed that Google's Pixel devices are not affected by these specific Qualcomm vulnerabilities. Chipsets in mobile devices are frequent targets for zero-day exploit developers due to their broad access to the operating system. This allows attackers to potentially move to other sensitive data areas on the device.Zero-day vulnerabilities

are unknown to the software or hardware maker at the time of discovery, making them valuable targets for cybercriminals and state-sponsored hackers.