
Qualcomm Fixes Critical Zero-Day Flaws
Qualcomm has released security patches addressing multiple vulnerabilities affecting numerous chipsets, including three zero-day vulnerabilities. These zero-days, CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038, were reportedly discovered by Google's Threat Analysis Group (TAG) and may already be under active exploitation in targeted attacks. The vulnerabilities were reported to Qualcomm in February, with patches subsequently provided to device manufacturers in May.
The Urgency of Patching
The critical nature of these vulnerabilities stems from the potential for attackers to gain broad access to a device's operating system and sensitive data. Given the open-source nature of Android, the onus is on device manufacturers to quickly integrate these patches into their devices. However, this process may take time, leaving some devices vulnerable for weeks even after patches are available. Users are strongly encouraged to install these updates as soon as they are released by their device manufacturers.
While Google has confirmed that its Pixel devices are unaffected, the potential impact on other Android devices remains a significant concern. The prompt deployment of these updates by manufacturers is paramount to mitigating the risk of exploitation.
Qualcomm has emphasized the importance of immediate action, urging end-users to apply updates provided by device manufacturers without delay. The vulnerability of mobile device chipsets to sophisticated attacks highlights the continuous need for proactive security measures in the mobile ecosystem.
Source: TechCrunch