Google Urgently Patches Major Qualcomm Security Flaw Hitting Android Phones - Act Now

A major security flaw in Android smartphones has been patched by Google, with the company issuing an update that includes fixes for two critical vulnerabilities. The flaws, identified as CVE-2025-21479 and CVE-2025-27038, have been actively exploited in the wild, posing a significant risk to users.

The Flaws: A Threat from State-Sponsored Actors

In June 2025, Qualcomm publicly announced three vulnerabilities, including two that were being used in "limited, targeted exploitation." The Google Threat Analysis Group (TAG) identified these flaws as indications of state-sponsored threat actors targeting high-value individuals such as diplomats, journalists, dissidents, and scientists. This suggests that the attacks are likely nation-state sponsored, which makes them a serious concern for users.

A Call to Action from Qualcomm

Qualcomm urged OEMs (such as Google) to deploy the patch in their products without delay. "Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May together with a strong recommendation to deploy the update on affected devices as soon as possible," Qualcomm said.

The August 2025 Update: A Major Fix

Google has now issued an update for Android, which includes fixes for two of the flaws: CVE-2025-21479 and CVE-2025-27038. The former is described as "memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands," with a severity score of 8.6/10 (high). The latter is described as "memory corruption while rendering graphics using Adreno GPU drivers in Chrome," with a severity score of 7.5/10 (high).

A Deadline for FCEB Organizations

The US Cybersecurity and Infrastructure Security Agency (CISA) added these two bugs to its Known Exploited Vulnerabilities (KEV) catalog on June 3, giving Federal Civilian Executive Branch (FCEB) organizations a three-week deadline to patch up, or stop using vulnerable software entirely.

Update Timeline: A Patch for Different Devices

Given Android's decentralized structure, it is safe to assume that different devices (for example, Samsung's Galaxy lineup, or OnePlus' One lineup) will be getting these updates at different times. Pixel, being Google's lineup of mobile phones, will most likely receive the updates first.

A Cautionary Tale: Protect Your Devices

This update serves as a reminder that security vulnerabilities can arise at any time and should not be taken lightly. Users are advised to keep their devices up to date with the latest security patches and to exercise caution when interacting with suspicious content online.