Qualcomm acknowledged the vulnerabilities and released warnings about the flaws. The issues remain security risks unless phone manufacturers also push updates out to customers.
“We worked diligently to validate the issue and make appropriate mitigations available” to phone makers, Qualcomm said in a statement, adding that the company didn’t have any evidence that the problem was now being exploited by hackers. “We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store,” Qualcomm said.
Ahhh, that’s a little more concise, thanks. Quite a bummer to find security holes in a SDK used for quite a large number of firmware for SoCs, indeed. One more reason to fight for an open firmware technology (if we really needed more, that’s it).
One more reason to move away from qualcomm toward more open choice as allwinner and freescale and hopefully to open hardware architecture as RISC-V in the future.
RISC-V is a) academic and b) by no means energy-efficient in a way that might suit mobile phones. Also, it is just a CPU and not a System-on-Chip (SoC). Forget it, sorry.