Qualcomm is releasing a critical security patch to smartphone manufacturers. The chipmaker has discovered a zero-day flaw in its chips that affects millions of smartphones. Major brands are currently pushing the update to affected devices – it is highly recommended to install it.
Google researchers have alerted Qualcomm to the existence of a zero-day flaw that exploits the Adreno GPU in many of the brand's chips. Enough to allow hackers to take control of millions of smartphones – while signs of its active exploitation in the wild have been detected.
The flaw relies on a series of vulnerabilities in the graphics processor – which are not addressed by the component driver on many devices. The firm nevertheless indicates that it sent smartphone manufacturers a security patch around May. While recommending that they deploy a security update as soon as possible on affected Android phones.
Install the next Android security update as soon as possible
The first two flaws discovered, documented under the references CVE-2025-21479 and CVE-2025-21480, as well as the third one that completes this flaw (CVE-2025-27038), allow a malicious person to corrupt the phone's RAM. This technique, quite commonly used by hackers when it remains exploitable, then allows the contents of memory addresses to be changed, which allows arbitrary code to be executed.
From there, the hacker can take complete control of the device, or steal its data – by installing the necessary malware without user intervention. Qualcomm does not publicly provide a list of affected devices. You must therefore rely on the brand of your device, which should soon offer, if it has not already done so, a critical security update.
Unfortunately, your smartphone will remain indefinitely exposed to the problem if it is no longer supported for security updates due to its age. This means that it is rather advisable to avoid using this type of device with sensitive applications such as those of your bank or crypto wallets.
However, one thing is rather certain at this stage: devices like the Google Pixel remain protected against this flaw. As well as devices that use MediaTek chips and other alternative brands.
0 Comments