📢【News Headline】
Phone chipmaker Qualcomm fixes three zero-days exploited by hackers
📰【Summary】
Chipmaker giant Qualcomm released patches on Monday fixing a series of vulnerabilities in dozens of chips, including three zero-days that the company said may be in use as part of hacking campaigns. Qualcomm cited Google’s Threat Analysis Group, or TAG, which investigates government-backed cyberattacks, saying the three flaws “may be under limited, targeted exploitation.”
🗝️【Key Vocabulary】
📝 Vulnerability (n.)
- Meaning: a security hole; a weakness
- Example sentence: Qualcomm released patches fixing a series of vulnerabilities.
📝 Zero-day (n.)
- Meaning: a zero-day vulnerability
- Example sentence: The company fixed three zero-days exploited by hackers.
📝 Patch (n.)
- Meaning: a software fix
- Example sentence: Qualcomm released patches fixing a series of vulnerabilities.
📝 Exploit (v.)
- Meaning: to make use of; to take advantage of
- Example sentence: The zero-days were exploited by hackers.
📝 Targeted exploitation (n.)
- Meaning: exploitation aimed at specific targets
- Example sentence: The three flaws “may be under limited, targeted exploitation.”
📝 Device manufacturers (n.)
- Meaning: companies that make devices
- Example sentence: It’s now up to device manufacturers to apply the patches.
📝 Security updates (n.)
- Meaning: updates that fix security issues
- Example sentence: We encourage end users to apply security updates.
✍️【Grammar and Sentence Patterns】
📝 May be in use as part of...
- Explanation: Indicates a possibility or potential involvement in something.
- Example sentence: Three zero-days that the company said may be in use as part of hacking campaigns.
📝 It's now up to...
- Explanation: Indicates that the responsibility or decision now lies with someone.
- Example sentence: It’s now up to device manufacturers to apply the patches.
📖【Full Text】
Chipmaker giant Qualcomm released patches on Monday fixing a series of vulnerabilities in dozens of chips, including three zero-days that the company said may be in use as part of hacking campaigns.
Qualcomm cited Google’s Threat Analysis Group, or TAG, which investigates government-backed cyberattacks, saying the three flaws “may be under limited, targeted exploitation.”
According to the company’s bulletin, Google’s Android security team reported the three zero-days (CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038) to Qualcomm in February.
Zero-days are security vulnerabilities that are not known to the software or hardware maker at the time of their discovery, making them extremely valuable for cybercriminals and government hackers.
Because of Android’s open source and distributed nature, it’s now up to device manufacturers to apply the patches provided by Qualcomm, which means some devices may still be vulnerable for several more weeks, despite the fact that there are patches available.
Qualcomm said in the bulletin that the patches “have been made available to [device makers] in May together with a strong recommendation to deploy the update on affected devices as soon as possible.”
Google spokesperson Ed Fernandez told TechCrunch that the company’s Pixel devices are not affected by these Qualcomm vulnerabilities.
Qualcomm acknowledged the fixes.
“We encourage end users to apply security updates as they become available from device makers,” said company spokesperson Dave Schefcik.
Chipsets found in mobile devices are frequent targets for hackers and zero-day exploit developers because chips generally have wide access to the rest of the operating system, which means hackers can jump from there to other parts of the device that may hold sensitive data.
In the last few months, there have been documented cases of exploitation against Qualcomm chipsets.
Last year, Amnesty International identified a Qualcomm zero-day that was being used by Serbian authorities, likely by using phone unlocking toolmaker Cellebrite.
🔗【Source】
Article link: https://techcrunch.com/2025/06/03/phone-chipmaker-qualcomm-fixes-three-zero-days-exploited-by-hackers/