Quote:Two serious vulnerabilities in Qualcomm's Snapdragon system-on-a-chip (SoC) WLAN firmware could be leveraged to compromise the modem and the Android kernel over the air.
The flaws were found in Qualcomm's Snapdragon 835 and 845 WLAN component. The tests were made on Google Pixel 2 and 3 but any unpatched phone running one of the two SoCs is vulnerable.
Security researchers from Tencent's Blade team found that one one of the vulnerabilities (CVE-2019-10538, with a high severity rating) allows attackers to compromise the WLAN and the chip's modem over-the-air. The second one is a buffer overflow tracked as CVE-2019-10540; it received a critical severity rating and an attacker can exploit it to compromise the Android Kernel from the WLAN component.
The researchers informed both Google and Qualcomm about the flaws and exploitation is currently possible only on Android phones that have not been patched with the latest security updates that rolled out today.
SOURCE: https://www.bleepingcomputer.com/news/se...r-the-air/
![[-]](https://www.geeks.fyi/images/collapse.png)
