A heap overflow vulnerability in Qualcomm Snapdragon 855 modem system-on-chips used in Android devices could let malicious people run arbitrary code on unsuspecting users' devices, according to Check Point.
The vuln, tracked as CVE-2020-11292, can be abused to trigger a heap overflow in devices that use a Qualcomm Mobile Station Modem (MSM) chip, thanks to some in-depth jiggery-pokery in the Qualcomm MSM Interface (QMI) voice service API.
"If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones, granting them access to SMS messages and audio of phone conversations," said some not-at-all-excitable researchers from Israeli security firm Check Point in a blog post today.
..
Support the originator by clicking the read the rest link below.
