Chipmaker big Qualcomm launched patches on Monday fixing a collection of vulnerabilities in dozens of chips, together with three zero-days that the corporate stated could also be in use as a part of hacking campaigns.
Qualcomm cited Google’s Menace Evaluation Group, or TAG, which investigates government-backed cyberattacks, saying the three flaws “could also be underneath restricted, focused exploitation.”
In response to the corporate’s bulletin, Google’s Android safety group reported the three zero-days (CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038) to Qualcomm in February. Zero-days are safety vulnerabilities that aren’t recognized to the software program or {hardware} maker on the time of their discovery, making them extraordinarily helpful for cybercriminals and authorities hackers.
Due to Android’s open supply and distributed nature, it’s now as much as gadget producers to use the patches supplied by Qualcomm, which suggests some units should be susceptible for a number of extra weeks, even though there are patches out there.
Contact Us
Do you’ve got extra details about these Qualcomm zero-days? Or different zero-day exploits or zero-day makers? From a non-work gadget and community, you may contact Lorenzo Franceschi-Bicchierai securely on Sign at +1 917 257 1382, or by way of Telegram and Keybase @lorenzofb, or e-mail.
Qualcomm stated within the bulletin that the patches “have been made out there to [device makers] in Might along with a powerful suggestion to deploy the replace on affected units as quickly as attainable.”
Google spokesperson Ed Fernandez advised TechCrunch that the corporate’s Pixel units should not affected by these Qualcomm vulnerabilities.
When reached by TechCrunch, a spokesperson for Google’s TAG didn’t instantly present extra details about these vulnerabilities, and the circumstances during which TAG discovered them.
Qualcomm didn’t reply to a request for remark.
Chipsets present in cell units are frequent targets for hackers and zero-day exploit builders as a result of chips usually have huge entry to the remainder of the working system, which suggests hackers can soar from there to different components of the gadget that will maintain delicate information.
In the previous few months, there have been documented circumstances of exploitation in opposition to Qualcomm chipsets. Final 12 months, Amnesty Worldwide recognized a Qualcomm zero-day that was being utilized by Serbian authorities, probably through the use of telephone unlocking device maker Cellebrite.
{content material}
Supply: {feed_title}
