Android: a serious vulnerability affects smartphones with Snapdragon 8 Gen 1 and Snapdragon 888, but not only!

A zero-day flaw, an unknown vulnerability that has not been identified until now, has just been discovered on Android smartphones running certain specific chips. We are talking here about Qualcomm processors, used on mid- and high-end models, as well as modems and 5G platforms.

Designated under the number CVE-2024-43047the latter “could be subject to limited and targeted exploitation” according to the American founder, using the terms used by Google's Threat Analysis Group, investigating government hacking threats.

The threat was also confirmed by Amnesty International's Security Lab working “to protect civil society from illegal digital surveillance, spyware and other technology-enabled human rights abuses”.

In detail, 64 chips of Qualcomm would be affected by this security flaw, which the famous Snapdragon 8 Gen 1 (Galaxy S22 Ultra, Xiaomi 12, OnePlus 10, Honor Magic 4 Pro…), 888/888+ and 870, 865/865+ as well as the Snapdragon 660, 680 4G and 685 4G.

This list also includes modems for smartphones such as the Snapdragon Auto 5G Modem-RF, Auto 5G Modem-RF Gen 2, X55 5G Modem-RF System (notably used by iPhone 12) or the platform dedicated to extended reality XR2 5G.

Faced with this alarming situation, Qualcomm declared that a patch had been sent to manufacturers last month, “strongly recommending that the update be rolled out to affected devices as soon as possible”. We therefore expect security patches to quickly address this problem from the different brands.

It should be noted that the October 2024 updates from Google for Pixels and from Samsung for Galaxy do not currently contain the fix for the CVE-2024-43047 vulnerability.