Qualcomm Patches Three Zero-days Exploited by Hackers

Chipmaker Qualcomm released patches on Monday to address multiple vulnerabilities affecting dozens of its chips, including three zero-day flaws that may be used in ongoing hacking campaigns.
The company credited Google’s Threat Analysis Group (TAG), which monitors state-sponsored cyberattacks, for identifying the zero-days potentially exploited in targeted attacks.
Google Reported Zero-Day Vulnerabilities to Qualcomm in February
According to Qualcomm’s bulletin, Google’s Android security team reported the flaws—CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038—in February. Zero-days are security flaws that are unknown to the vendor at the time of discovery, making them valuable tools for hackers and surveillance operations.
Due to Android’s open-source and fragmented structure, it’s now the responsibility of device manufacturers to implement Qualcomm’s patches—meaning some devices could remain vulnerable for weeks, even though fixes are already available.
Qualcomm Urges Device Makers to Deploy May Security Patches Promptly
In its bulletin, Qualcomm stated that it made the patches available to device makers in May and strongly recommended they quickly deploy the updates on affected devices.
Google Confirms Pixel Devices Avoid Impact from Qualcomm Flaws
Kimberly Samra, a spokesperson for Google’s Threat Analysis Group (TAG), did not immediately share additional details about the vulnerabilities or how TAG discovered them.
Qualcomm Advises Users to Install Security Updates from Manufacturers
Qualcomm confirmed the patches, with spokesperson Dave Schefcik stating, “We encourage end users to apply security updates as they become available from device makers.”
Mobile device chipsets are frequent targets for hackers and zero-day exploit developers because they typically have deep access to the operating system, allowing attackers to reach other parts of the device that may store sensitive information.
In recent months, attackers have exploited Qualcomm chipsets. Last year, Amnesty International reported that Serbian authorities used a Qualcomm zero-day, likely via the phone unlocking firm Cellebrite.
Update: Qualcomm’s spokesperson comment has been added.
Read the original article on: TechCrunch