UNISOC processor was exposed to serious security vulnerability? Official Response: Patched

According to The Hacker News, Israeli cybersecurity firm Check Point said in its report that they found a critical security flaw in UNISOC's smartphone chipsets that could be weaponized to pass malformed packets Disrupt smartphone radio communications.

"If left unpatched, hackers or military units could exploit this vulnerability to neutralize communications at a specific location," the agency warned, adding that "the vulnerability resides in the modem firmware, not the Android operating system itself."

According to market research firm Counterpoint Research, UNISOC is the world's fourth-largest mobile processor maker after MediaTek, Qualcomm and Apple, accounting for 10% of all SoC shipments in the third quarter of 2021.

The patched issue has now been assigned the identifier CVE-2022-20210 by the agency and has a severity rating of 9.4 out of 10 on the CVSS Vulnerability Scoring System, the report said.

Briefly, the vulnerability was discovered after reverse engineering UNISOC's LTE protocol stack implementation and was related to a buffer overflow vulnerability in a component in the modem firmware that handles non-access stratum (NAS) messages, resulting in a reject- Serve.

"An attacker could use the radio to send a malformed packet that resets the modem, depriving the user of the possibility of communication," said Check Point's Slava Makkaveev.

The agency has notified the vulnerability, which is expected to be fixed with Google's June Android security update, and users will now just have to wait. It is understood that this is not the most serious accident of Ziguang Zhanrui. In March this year, security company Kyptowire disclosed a serious vulnerability (CVE-2022-27250) with a CVSS score of 9.8. Attackers can obtain user personal data and even take over mobile phones.