Qualcomm Quadrooter bug affecting 900 million Android phones to be patched next month

Advertisement

Another Def Con convention down and developers have people talking about this year’s Stagefright.

Security company Check Point is publicizing four major Android vulnerabilities that it is dubbing as a package, “Quadrooter,” found in Qualcomm-made chipsets.

Snapdragons are estimated to be on about 900 million Android handsets from the Nexus devices to Samsung, HTC to LG, BlackBerry to Blackphone.

Any malware presents itself as an app that the user may install, but for the malware to target these four vulnerabilities, it does not have to request for any special permissions. Access through any one exploit can let attackers into your device for them to root it. The exploits have to do with the inter-process communication router, the anonymous shared memory feature in the Android kernel, GPU kernel graphics processing and the CPU-app sync feature.

The advice for now? Keep your APK downloads strictly to Google Play and don’t sideload. Because we know that some of you will disregard this advice anyways, you should probably look for discrepancies in the size of the file you’re downloading and how many permissions are being requested.

Qualcomm stated that it has sent patches out to its customers and open source communities since April up through this month. August’s Android Security Bulletin fixes all but one of the Quadrooter vulnerabilities. Google confirmed that the last hole will be patched in September’s update. OEMs may also issue their own updates if they are willing and able.

Source: Check Point
Via: Phandroid

Share This Post
Advertisement
What's your reaction?
Love It
0%
Like It
0%
Want It
0%
Had It
0%
Hated It
0%
About The Author
Jules Wang
Jules Wang is News Editor for Pocketnow and one of the hosts of the Pocketnow Weekly Podcast. He came onto the team in 2014 as an intern editing and producing videos and the podcast while he was studying journalism at Emerson College. He graduated the year after and entered into his current position at Pocketnow, full-time.