Qualcomm Quadrooter bug affecting 900 million Android phones to be patched next month
Another Def Con convention down and developers have people talking about this year’s Stagefright.
Security company Check Point is publicizing four major Android vulnerabilities that it is dubbing as a package, “Quadrooter,” found in Qualcomm-made chipsets.
Any malware presents itself as an app that the user may install, but for the malware to target these four vulnerabilities, it does not have to request for any special permissions. Access through any one exploit can let attackers into your device for them to root it. The exploits have to do with the inter-process communication router, the anonymous shared memory feature in the Android kernel, GPU kernel graphics processing and the CPU-app sync feature.
The advice for now? Keep your APK downloads strictly to Google Play and don’t sideload. Because we know that some of you will disregard this advice anyways, you should probably look for discrepancies in the size of the file you’re downloading and how many permissions are being requested.
Qualcomm stated that it has sent patches out to its customers and open source communities since April up through this month. August’s Android Security Bulletin fixes all but one of the Quadrooter vulnerabilities. Google confirmed that the last hole will be patched in September’s update. OEMs may also issue their own updates if they are willing and able.