Vulnerabilities and protection against them
1⃣ Google and Qualcomm: Tencent Blade Team researchers found three vulnerabilities in Qualcomm chips. They are united by the common name QualPwn. In conjunction, vulnerabilities can give an attacker control over an Android device.
More than 800 thousand devices based on Snapdragon 835 and later models are at stake. There is no patch yet, but both Google and Qualcomm are working on it. Stay tuned for system updates.
The consolation is that the hackers, it seems, have not yet reached the vulnerabilities. Researchers found no signs of exploitation of these gaps.
2⃣ Google and ARM: Android promises to support MTE technology. It stands for memory tagging extension – it helps to find memory vulnerabilities in software. During testing the compatibility of MTE with Android, Google employees discovered about a hundred of these bugs.
The technology can be used during software testing or to fix memory problems directly on the user’s device. For the latter, MTE has a special energy-efficient background mode.
MTE is a fully hardware technology, so Google is now waiting for it to be implemented by hardware manufacturers.
3⃣ Back to the tailed past ?