• Source:JND
Add as a preferred

Qualcomm has released important updates that fix a range of security issues in their mobile chipsets—including three active zero-day vulnerabilities that are said to be currently exploited in targeted hacking operations. This comes after disclosure reports from Google’s TAG, which identified the vulnerabilities as potential risks for state-sponsored hacking.

Zero-Day Vulnerabilities: What’s Affected

TAG believes the following zero-day exploits were filed with Qualcomm as problems needing solutions within Qualcomm’s mobile chipsets:

  • CVE-2025-21479

  • CVE-2025-21480

  • CVE-2025-27038

It is claimed that Google’s Android Security Team brought these alleged exploits to Qualcomm’s attention back in 2025 through confidential channels. They seem to have restricted, tailored exploitation—likely the work of sophisticated adversarial actors.

Note: Zero-day vulnerabilities are especially dangerous because they are unknown to hardware and software vendors at the time of exploitation, giving attackers a critical edge.

ALSO READ: Nothing Phone 3 Set To Launch On July 1: Flagship Leap With Bold Redesign

Patch Deployment & Risks

The issue, as usual, is more complex. Qualcomm’s patches are available as of May 2025, but due to the fragmented nature of Android’s ecosystem, device manufacturers will have to push updates individually. This results in:

  • A large number of Android phones sitting unpatched for weeks, if not months.  

  • Complete lack of support for older models with little to no maintenance, meaning some devices will never get the fixes.

Qualcomm did advise that security updates were vital, but OEMs also needed to urgently deploy the patches.

Are Google Pixel Devices Affected?

Ed Fernandez, a Google representative, commented stating that the Qualcomm vulnerabilities do not impact Pixel smartphones. Other devices using the affected chipsets from Qualcomm do remain at risk however, but only until the patches are installed and actively pushed.

Industry Reactions and Historical Context

Security experts are still raising concerns regarding chipset-level vulnerabilities due to the deep access they have to a device's operating system and hardware components. When these chips are exploited, hackers have the potential to access:

  • Encrypted data

  • Sensitive apps and services

  • User communications and credentials

Amnesty International last year revealed a zero-day exploit on Qualcomm’s hardware being abused by the Serbian government, potentially through spyware tools developed by Cellebrite.

ALSO READ: The Witcher 4 Tech Demo Is Out And It Looks Spectacular: A Glimpse Into What Unreal Engine 5 Can Really Do!

Conclusion

The reported zero-days encompasses vulnerabilities which Qualcomm was quick to respond to, indicating that smartphone security, particularly at the silicon level, is very critical. The concern, however, transcends beyond just issuing patches, including the timely execution by the OEMs and the knowledge of the users. The increasing risk to mobile devices means that updates need to be regular and devices need to be used more carefully by consumers and manufacturers.