- Android phones may be at risk from a worrying security threat
- Qualcomm released fixes for two major flaws in May and urged OEMs to apply them
- Google has released a patch, so users should update now
Google has patched a significant vulnerability affecting Android smartphones that is being actively exploited in the wild.
In June 2025, Qualcomm publicly disclosed three vulnerabilities, CVE-2025-21479, CVE-2025-21480 and CVE-2025-27038, saying there were “indications” from the Google Threat Analysis Group (TAG) that they were being used in “limited, targeted exploitation”.
TAG focuses specifically on tracking state-sponsored threat actors, along with other highly sophisticated hacking groups, so if the flaws were used in limited, targeted exploitation, it is safe to assume that nation-states were targeting high-value individuals such as diplomats, journalists, dissidents, scientists and the like.
CISA sounds the alarm
At that time, Qualcomm also urged OEMs (such as Google) to implement the patch in their products without delay.
“Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May, together with a strong recommendation to deploy the update on affected devices as soon as possible,” said Qualcomm.
Google has now issued the August 2025 update for Android, which includes fixes for two of the flaws: CVE-2025-21479 and CVE-2025-27038.
The first is described as “memory corruption due to unauthorized command execution in GPU micronode while executing a specific sequence of commands”, and was given a severity score of 8.6/10 (high). The latter is described as “memory corruption while rendering graphics using Adreno GPU drivers in Chrome”, with a severity score of 7.5/10 (high).
The US Cybersecurity and Infrastructure Security Agency (CISA) also added these two flaws to its Known Exploited Vulnerabilities (KEV) catalog on June 3, which gives Federal Civilian Executive Branch (FCEB) agencies a three-week deadline to patch or stop using the vulnerable software completely.
Given the decentralized structure of Android, it is safe to assume that different devices (for example, the Samsung Galaxy lineup or the OnePlus line) will get these updates at different times. Pixel, being Google’s own phone line, will probably receive the updates first.
Via BleepingComputer