The whole world should count its lucky stars that this was Tencent discovering and reporting the vulnerability, and not Huawei, who depending on the current day-of-the-week might not be able to legally report it.
"the vulnerabilities allows attackers to compromise the WLAN and Modem over-the-air. The other allows attackers to compromise the Android Kernel from the WLAN chip."
This seems big and unprecedented. Layperson in this area, so...am I wrong?
Google can claim many firsts, but hopping from a baseband to an application processor most certainly isn't one of them. I'm sure you can find presentations from e.g. CCC much older than 2017.
It's unusual but certainly not novel. There have been similar attacks against e.g. server network cards more than 10 years ago, where (IIRC) a magic pattern used for factory testing could put the card into firmware download mode, and from there it had access to RAM, so game over.
It's only in relatively recent times that shared memory interfaces have fallen under the security spotlight, as new scenarios arise where a trusted driver may not be speaking to a trusted piece of hardware (e.g. virtualization), so there are plenty of attacks around that involve hopping across an interface assumed to have been free of trust boundaries (Firewire is another example kinda like this).
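The trust-boundary point in the comment above, a host driver parsing fields that the device itself wrote into shared memory, as an added C example that is not part of this thread and not any vendor's driver code. The receive-ring layout, the field names and the `rx_fetch` helper are hypothetical, constructed only to show the two mistakes a driver makes once the device is no longer honest: a bounds check whose 32-bit addition the device can wrap, and re-reading a device-controlled field between check and use (a double fetch).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical host/device shared-memory receive ring (constructed for this
 * example, not any real chip's layout). The device writes descriptors and
 * payload bytes; the host driver reads them. */
#define RING_SLOTS 4
#define SLOT_BYTES 256

struct dma_desc {
    volatile uint32_t offset;  /* device-written: payload start within the slot */
    volatile uint32_t len;     /* device-written: payload length */
};

struct rx_ring {
    struct dma_desc desc[RING_SLOTS];
    uint8_t buf[RING_SLOTS][SLOT_BYTES];
};

/* Naive check a driver author writes while the device is assumed honest.
 * Both operands are device-controlled, so the 32-bit sum can wrap and a
 * descriptor pointing far outside the slot still passes. */
static bool desc_ok_naive(uint32_t offset, uint32_t len)
{
    return offset + len <= SLOT_BYTES;
}

/* Hardened check: no arithmetic that can wrap, evaluated on values the
 * caller has already copied out of shared memory. */
static bool desc_ok_hardened(uint32_t offset, uint32_t len)
{
    if (offset > SLOT_BYTES)
        return false;
    return len <= SLOT_BYTES - offset;
}

/* Copy one received frame out of the ring into a host buffer.
 * Returns the payload length, or -1 if the descriptor is rejected. */
static int rx_fetch(const struct rx_ring *ring, unsigned slot,
                    uint8_t *out, size_t out_len)
{
    if (slot >= RING_SLOTS)
        return -1;

    /* Fetch each field exactly once. The device can rewrite the descriptor
     * at any moment, so checking one read and copying with a second read
     * would let it pass a small length and then substitute a huge one. */
    uint32_t offset = ring->desc[slot].offset;
    uint32_t len = ring->desc[slot].len;

    if (!desc_ok_hardened(offset, len) || len > out_len)
        return -1;

    memcpy(out, &ring->buf[slot][offset], len);
    return (int)len;
}

/* Device side of the interface, used to construct test input. A payload of
 * NULL writes only the descriptor (what a malicious device would do). */
static void device_write_frame(struct rx_ring *ring, unsigned slot,
                               uint32_t offset, uint32_t len,
                               const uint8_t *payload)
{
    ring->desc[slot].offset = offset;
    ring->desc[slot].len = len;
    if (payload && offset < SLOT_BYTES && len <= SLOT_BYTES - offset)
        memcpy(&ring->buf[slot][offset], payload, len);
}

/* Honest device: a 7-byte frame (constructed) at offset 16 of slot 0. */
static int scenario_honest_device(void)
{
    static struct rx_ring ring;
    static const uint8_t frame[] = "BEACON";
    uint8_t out[SLOT_BYTES];

    memset(&ring, 0, sizeof ring);
    device_write_frame(&ring, 0, 16, sizeof frame, frame);
    int n = rx_fetch(&ring, 0, out, sizeof out);
    if (n != (int)sizeof frame || memcmp(out, frame, sizeof frame) != 0)
        return -2;
    return n;
}

/* Malicious device: offset + len wraps to 0x10, which the naive check
 * would accept; the hardened path must reject it. */
static int scenario_wrapping_descriptor(void)
{
    static struct rx_ring ring;
    uint8_t out[SLOT_BYTES];

    memset(&ring, 0, sizeof ring);
    device_write_frame(&ring, 1, 0xFFFFFFF0u, 0x20u, NULL);
    return rx_fetch(&ring, 1, out, sizeof out);
}

int main(void)
{
    printf("honest device:      rx_fetch -> %d\n", scenario_honest_device());
    printf("wrapping descriptor: naive check accepts=%d, rx_fetch -> %d\n",
           desc_ok_naive(0xFFFFFFF0u, 0x20u), scenario_wrapping_descriptor());
    return 0;
}
```

The same pattern applies to any descriptor, length or index the peripheral can write: snapshot it, validate the snapshot with wrap-free comparisons, and only then touch the buffer it describes.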
I think it's kind of fun when it's Google caught with its pants down; it's usually Google's Project Zero who set the 90-day deadline. I am happy if I just get the patch for my old hardware.