Qualcomm and Arm have been forced to release security updates to patch several zero-day vulnerabilities exploited in recent targeted attacks against their chips. Qualcomm said on Tuesday it was informed by the Google Threat Analysis Group (TAG) and Project Zero team that CVE-2023-33106, CVE-2023-33107, CVE-2023-33063 and CVE-2022-22071 “may be under limited, targeted exploitation.” The first three are previously unseen vulnerabilities, while the latter was fixed in Qualcomm’s May 2022 public bulletin.

Source: Infosecurity Magazine – Information Security & IT Security