It has been revealed today that the QuadRooter exploit has affected over 900 million Android devices with Qualcomm chipsets, including the US variant of the Galaxy S7 and Galaxy S7 edge. For those unaware, QuadRooter is a set of four vulnerabilities, which each provide a different path for an attacker to gain root access to a handset through a malicious application that doesn’t require any special permissions to function.
The loophole was first reported to Qualcomm back in April. After the treat had been assessed as high risk, the CERT-CC (Computer Emergency Response Team Coordination Center) provided the chip manufacturer with 90 days to patch the bugs and distribute an update package to OEM’s and network carriers for distribution. Three of the flaws were fixed in Google’s most recent security update, while the fourth will be addressed in the upcoming September release.