There is a new vulnerability out affecting Android phones and it is import you update your Android phone as soon as possible. Attackers are taking advantage of a recently patched vulnerability inside of Qualcomm Snapdragon’s chipset. These chip systems are present in all modern day smartphones and are responsible for a variety of smartphone capabilities including image, video, and audio functions; however, Qualcomm Snapdragon chips are only present in Android devices.
The vulnerability, documented as CVE-2020-11261, effects the Qualcomm chips graphics component where an attacker can use malicious applications to corrupt the target devices memory. When a large amount of memory from the device is requested, an “improper input validation” error occurs, triggering corruption. The vulnerability received a score of 8.4 out of 10, making its impact severity High.
The good news is that this exploitation requires local access to the device, such as the attacker physically having the victim’s phone. The bad news is remote attacks are difficult but not impossible, as hackers like to deploy “watering hole” attacks to deliver the malicious code onto the victim’s phone.
Qualcomm has stated that there is evidence CVE-2020-11261 is under “limited, targeted exploitation.” Although they have since patched the vulnerability, this threat remains an issue until everyone has had security updates from their vendors.
The active exploitation and severity of this security flaw makes it all the more important to stay up-to-date on the latest software. Android users are advised to update their devices as soon as possible and only install applications from trusted locations to mitigate any risk of compromise. You can get those updates from your carrier. If you have any questions or concerns, please feel free to reach out to info@msasecurity.net.