Learn more
Choose your language:English


Qualcomm chip vulnerability? Do not be afraid! Patch repairs have been available since October 2018

  On April 28, Qualcomm said that the Qualcomm chip, numbered CVE-2018-11976 discovered by NCC Group last March, had provided security patches to terminal manufacturers at the end of last year and has now been repaired.

It is understood that this vulnerability, numbered CVE-2018-11976, can steal confidential information stored in Qualcomm chips and affect Android devices that use related chips.

After discovering the vulnerability last year, Qualcomm notified its customers in October 2018 and provided security patches to its customers. At the same time, it was disclosed in April this year in consultation with NCC Group in accordance with industry practice.

It is reported that the vulnerability requires kernel permissions to launch an attack. That is to say, the vulnerability can be exploited on the premise that the terminal has been deeply intruded. If the user has updated the software patch provided by the manufacturer, it means that the software vulnerability has been fixed.

Qualcomm stressed that security patches were provided to terminal vendors at the end of last year, and no incidents of exploiting the vulnerability have been identified so far.

It is a common practice in the industry to work with industry security research organizations to identify software vulnerabilities and provide security patches in a timely manner. For the end user, the security of the terminal can be ensured by updating the terminal in time after the software patch is provided by the operator or the terminal manufacturer, and downloading the application only from the secure application store.