Blog Details

Chipmaker giant Qualcomm launched patches on Monday fixing a bunch of vulnerabilities in dozens of chips, along side three zero-days that the company talked about might be in use as half of hacking campaigns. 

Qualcomm cited Google’s Threat Prognosis Neighborhood, or TAG, which investigates authorities-backed cyberattacks, announcing the three flaws “might be beneath restricted, focused exploitation.” 

In step with the company’s bulletin, Google’s Android security crew reported the three zero-days (CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038) to Qualcomm in February. Zero-days are security vulnerabilities that are no longer known to the instrument or hardware maker on the time of their discovery, making them extremely precious for cybercriminals and authorities hackers. 

On yarn of Android’s originate supply and dispensed nature, it’s now up to intention manufacturers to snort the patches provided by Qualcomm, which system some devices need to be inclined for several more weeks, whatever the indisputable truth that there are patches available. 

Qualcomm talked about within the bulletin that the patches “had been made available to [device makers] in Would possibly well simply along with a convincing recommendation to deploy the update on affected devices as rapidly as imaginable.”

Google spokesperson Ed Fernandez told TechCrunch that the company’s Pixel devices are no longer tormented by these Qualcomm vulnerabilities.

Kimberly Samra, a spokesperson for Google’s TAG did no longer straight away present more knowledge about these vulnerabilities, and the conditions in which TAG came all the scheme in which thru them. 

Qualcomm acknowledged the fixes. “We aid cease customers to snort security updates as they change into available from intention makers,” talked about company spokesperson Dave Schefcik.

Chipsets justify in cellular devices are frequent targets for hackers and nil-day exploit developers because chips on the final have huge glean admission to to the comfort of the running machine, which system hackers can soar from there to assorted aspects of the intention that will withhold sensitive knowledge. 

Within the final few months, there had been documented cases of exploitation in opposition to Qualcomm chipsets. Closing 12 months, Amnesty International identified a Qualcomm zero-day that changed into being faded by Serbian authorities, probably by the use of cellular phone unlocking instrument maker Cellebrite.

Updated to incorporate Qualcomm’s spokesperson comment.

Glimpse Bio