Telephone chipmaker Qualcomm fixes three zero-days exploited by hackers
Chipmaker big Qualcomm launched patches on Monday fixing a collection of vulnerabilities in dozens of chips, together with three zero-days that the corporate stated could also be in use as a part of hacking campaigns.
Qualcomm cited Google’s Risk Evaluation Group, or TAG, which investigates government-backed cyberattacks, saying the three flaws “could also be beneath restricted, focused exploitation.”
In keeping with the corporate’s bulletin, Google’s Android safety workforce reported the three zero-days (CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038) to Qualcomm in February. Zero-days are safety vulnerabilities that aren’t recognized to the software program or {hardware} maker on the time of their discovery, making them extraordinarily helpful for cybercriminals and authorities hackers.
Due to Android’s open supply and distributed nature, it’s now as much as system producers to use the patches supplied by Qualcomm, which implies some units should still be susceptible for a number of extra weeks, even if there are patches obtainable.
Contact Us
Do you’ve gotten extra details about these Qualcomm zero-days? Or different zero-day exploits or zero-day makers? From a non-work system and community, you’ll be able to contact Lorenzo Franceschi-Bicchierai securely on Sign at +1 917 257 1382, or by way of Telegram and Keybase @lorenzofb, or e mail.
Qualcomm stated within the bulletin that the patches “have been made obtainable to [device makers] in Might along with a robust advice to deploy the replace on affected units as quickly as doable.”
Google spokesperson Ed Fernandez advised TechCrunch that the corporate’s Pixel units aren’t affected by these Qualcomm vulnerabilities.
Kimberly Samra, a spokesperson for Google’s TAG didn’t instantly present extra details about these vulnerabilities, and the circumstances wherein TAG discovered them.
Qualcomm acknowledged the fixes. “We encourage finish customers to use safety updates as they turn out to be obtainable from system makers,” stated firm spokesperson Dave Schefcik.
Chipsets present in cellular units are frequent targets for hackers and zero-day exploit builders as a result of chips typically have large entry to the remainder of the working system, which implies hackers can leap from there to different elements of the system which will maintain delicate information.
In the previous few months, there have been documented circumstances of exploitation towards Qualcomm chipsets. Final yr, Amnesty Worldwide recognized a Qualcomm zero-day that was being utilized by Serbian authorities, probably by utilizing cellphone unlocking device maker Cellebrite.
Up to date to incorporate Qualcomm’s spokesperson remark.