Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Touppinker Géant Qualcomm published patches Monday, setting a series of vulnerabilities in dozens of chips, three of which zero-day That the company has declared can be used in the context of hacking campaigns.
Qualcomm cited the threat analysis group of Google, or TAG, which is investigating cyber attacks supported by the government, claiming that the three faults “can be under a limited and targeted exploitation”.
According to the company’s bulletin, Google’s Android security team reported the three zero days (CVE-2025-21479, CVE-2025-21480 and CVE-2025-27038) in Qualcomm in February. Zero days are security vulnerabilities that are not known to the software or the manufacturer of hardware at the time of their discovery, by making them extremely precious For cybercriminals and government pirates.
Due to the open source and distributed nature of Android, it is now up to the manufacturers of devices to apply the fixes provided by Qualcomm, which means that some devices can always be vulnerable for several weeks, despite the fact that there are available fixes.
Contact us
Do you have more information about these Qualcomm zero-days? Or other zero-day exploits or zero days manufacturers? From a device and a non-work network, you can contact Lorenzo Franceschi-Bicchiera safely on the signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or e-mail.
Qualcomm declared in the bulletin that the fixes “were made available to [device makers] In May with a high recommendation to deploy the update on affected devices as soon as possible. »»
Google’s spokesperson Ed Fernandez told Techcrunch that the company’s pixel devices are not affected by these Qualcomm vulnerabilities.
Kimberly Samra, spokesperson for the Google tag, did not immediately provide more information on these vulnerabilities and the circumstances in which the tag found them.
Qualcomm has recognized the fixes. “We encourage end users to apply security updates as they are available from apparatus manufacturers,” said company spokesperson Dave Schefcik.
Chipsets found in mobile devices are frequent targets for hackers and zero day operating developers, as fleas generally have wide access to the rest of the operating system, which means that hackers can jump from there to other parts of the device which can contain sensitive data.
In recent months, operating cases have been documented against Qualcomm chipsets. Last year, Amnesty International identified one day zero Qualcomm This was used by the Serbian authorities, probably using the manufacturer of Celibrite phone unlocking tools.
Updated to include the comment of the Qualcomm spokesperson.
