Old Qualcomm Vulnerability Exposes Android User Data

Reader wiredmikey writes: Researchers from FireEye have disclosed the details of a serious information disclosure vulnerability affecting a Qualcomm software package found in hundreds of Android device models (Editor's note: the link could have pop-up ads, here's an alternate source). The vulnerability is in the Qualcomm tethering controller (CVE-2016-2060) and could allow a malicious application to access user information. While the flaw could expose millions of Android devices, the vulnerability has limited impact on devices running Android 4.4 and later, which include significant security enhancements, and also does not affect Nexus devices. FireEye said its researchers informed Qualcomm about the vulnerability in January and the vendor developed a fix by early March and started reaching out to OEMs to let them know about the issue. Now it's up to the device manufacturers to push out the patch to customers.FireEye said: "The OEMs will now need to provide updates for their devices; however, many devices will likely never be patched."