Android released security patches that fixes severe vulnerabilities on the devices powered by Qualcomm chipsets. The two major vulnerabilities that have been patched allowed a third-party to attack the device over a WiFi network. Android team has urged all the users to promptly update the device with the latest August 2019 security patch released on Monday.
The two vulnerabilities — collectively known as QualPwn, need no user interaction. However, they cannot be exploited remotely over the internet, but over the WiFi and the hacker would have to be on the same network as the target.
According to Android August 2019 security bulletin, “The most severe vulnerability in this section could enable a remote attacker using a specially crafted PAC file to execute arbitrary code within the context of a privileged process.”
The only way for the users to protect their devices from the vulnerability is to update to the latest Android security patch as soon as it is rolled out by their respective device manufacturers. However, a lot of android devices will either remain unpatched for the next few months or indefinitely due to the apathy of some Android brands which fail to send regular security updates to their huge array of phones. To learn more about how Android manufacturers are compromising your device’s security, check out this article.
According to a ZDNet report, the following Qualcomm chipset models were affected by the vulnerability: IPQ8074, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS404, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712, SD 710, SD 670, SD 730, SD 820, SD 835, SD 845, SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, and SXR1130.
To check out all the vulnerabilities that have been patched, click here.
Also read: What is a Spyware and ways to counter it