New GPUAF Technique to Root Qualcomm-Based Android Phones

The researchers’ technique, dubbed “GPUAF” (GPU Use-After-Free), chains multiple vulnerabilities in Qualcomm’s GPU drivers to achieve complete system control across devices from Samsung, Xiaomi, Honor, and Vivo.

The researchers detailed three critical flaws: CVE-2024-23380, a race condition in the KGSL VBO map buffer; CVE-2024-23373, a page Use-After-Free vulnerability triggered when unmap operations fail; and a third bug involving premature page table entry destruction.

The exploit deliberately races two bind operations to cause the GPU driver to incorrectly track memory mappings, eventually leading to a situation where freed memory pages remain accessible through the GPU. After gaining control of page tables, attackers can disable SELinux by overwriting the selinux_state structure and gain root privileges. The researchers also demonstrated bypasses for advanced security features like Samsung’s Enhanced SELinux and KNOX hypervisor protections that operate at EL2 (Exception Level 2).

The attack affects numerous devices including Samsung Galaxy S series (non-Exynos chips), Honor phones (x9b, 90…), Xiaomi phones (14, 14 Pro, Redmi Note 13 Pro…), and Vivo phones (iQOO Z9s Pro, T3 Pro…). “What makes this attack particularly concerning is its broad applicability across vendors and its ability to bypass hardware-backed security measures,” noted the researchers.

Qualcomm has issued patches for the vulnerabilities, but security experts recommend users update their devices immediately as attackers could potentially exploit these flaws to gain complete control of affected devices, access sensitive data, and install persistent malware. GPUAF represents a significant advancement in Android exploitation, demonstrating how GPU driver vulnerabilities can be chained to achieve full device compromise and underscoring the need for robust, multi-layered mobile security defenses.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 29 Apr 2025 11:25:08 +0000

