Security News Qualcomm UEFI Flaws Expose Microsoft, Lenovo, Samsung Devices to Attacks

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
8,892
Many devices made by Microsoft, Lenovo, Samsung and likely others are affected by potentially serious UEFI firmware vulnerabilities in Qualcomm Snapdragon chips.

Qualcomm announced this week the availability of patches for a dozen vulnerabilities, including five connectivity- and boot-related issues discovered by researchers at firmware security company Binarly.

Alex Matrosov, founder and CEO of Binarly, told SecurityWeek that they discovered a total of nine vulnerabilities while analyzing the firmware for Lenovo Thinkpad X13s laptops powered by the Qualcomm Snapdragon system-on-a-chip (SoC).

Further analysis revealed that while some of the nine flaws are specific to Lenovo devices, five of them impact Qualcomm reference code, which means the vulnerabilities are also present in laptops and other devices using Snapdragon chips.

The Snapdragon CPU uses the Arm architecture and Matrosov said this is the first such disclosure of UEFI firmware vulnerabilities related to the Arm device ecosystem.

According to Binarly, the Qualcomm vulnerabilities have been confirmed to impact — in addition to Lenovo devices — Arm-based Microsoft Surface and the Windows Dev Kit 2023 (Project Volterra) computers, as well as Samsung products.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top