Phone chipmaker Qualcomm fixes three zero-days exploited by hackers
Qualcomm cited Google's Threat Analysis Group, or TAG, which investigates government-backed cyberattacks, saying the three flaws 'may be under limited, targeted exploitation.'
According to the company's bulletin, Google's Android security team reported the three zero-days (CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038) to Qualcomm in February. Zero-days are security vulnerabilities that are not known to the software or hardware maker at the time of their discovery, making them extremely valuable for cybercriminals and government hackers.
Because of Android's open source and distributed nature, it's now up to device manufacturers to apply the patches provided by Qualcomm, which means some devices may still be vulnerable for several more weeks, despite the fact that there are patches available.
Contact Us Do you have more information about these Qualcomm zero-days? Or other zero-day exploits or zero-day makers? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or
Do you have more information about these Qualcomm zero-days? Or other zero-day exploits or zero-day makers? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email .
Qualcomm said in the bulletin that the patches 'have been made available to [device makers] in May together with a strong recommendation to deploy the update on affected devices as soon as possible.'
Google spokesperson Ed Fernandez told TechCrunch that the company's Pixel devices are not affected by these Qualcomm vulnerabilities.
When reached by TechCrunch, a spokesperson for Google's TAG did not immediately provide more information about these vulnerabilities, and the circumstances in which TAG found them.
Qualcomm did not respond to a request for comment.
Chipsets found in mobile devices are frequent targets for hackers and zero-day exploit developers because chips generally have wide access to the rest of the operating system, which means hackers can jump from there to other parts of the device that may hold sensitive data.
In the last few months, there have been documented cases of exploitation against Qualcomm chipsets. Last year, Amnesty International identified a Qualcomm zero-day that was being used by Serbian authorities, likely by using phone unlocking tool maker Cellebrite.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
11 minutes ago
- Yahoo
Police say 3 are dead in a shooting at a Target in Austin, Texas, and the suspect has been caught
Police say 3 are dead in a shooting at a Target in Austin, Texas, and the suspect has been caught
Yahoo
11 minutes ago
- Yahoo
Nevada Supreme Court approves Jon Gruden appeal in NFL lawsuit, blocks arbitration
The Nevada Supreme Court has sided with Jon Gruden in an appeal, marking the latest victory in his ongoing lawsuit against the NFL. The decision, which was made official on Monday, blocks the NFL from sending the case into arbitration. One of the issues at hand was an arbitration clause in the NFL's constitution, which the league argued kept Gruden from being able to make the lawsuit public. But on Monday, the Nevada Supreme Court ruled 5-2 in favor of the former Las Vegas Raiders coach, finding that the clause is "unconscionable" and does not apply to Gruden, as he is a former employee, via NBC's Mike Florio. Gruden sued the NFL shortly after resigning from the Raiders in 2021, but his latest legal battles have been around the manner of the lawsuit. Gruden has wanted his trial to be public, as part of a quest to expose what he believes were deliberate leaks in the NFL; the league, meanwhile, wanted a closed-door arbitration. Gruden originally won before a trial court, but a Nevada Supreme Court panel overturned the ruling in May 2024 as part of a lengthy appeal. Per court documents, Gruden's lawyers filed for a rehearing on the appeal last summer, which was denied. A month later, they filed for an en banc reconsideration, which was granted in October. The panel officially sided with Gruden on Monday. The NFL has yet to comment on Gruden's latest legal victory, but it is likely that the league will appeal the ruling in the U.S. Supreme Court, which may or may not decide to hear the case. Gruden sought public lawsuit in court to expose 'the truth' Gruden resigned from his job as Raiders head coach in 2021 after a New York Times report exposed his email exchanges with former Washington Football Team executive Bruce Allen, among others, that showed his use of racist, anti-gay and misogynistic language. Gruden sued the NFL and commissioner Roger Goodell in 2021, accusing them of plotting to destroy his career via a "malicious and orchestrated campaign" by leaking those emails. The emails surfaced from an investigation into the Washington Commanders and then-team owner Dan Snyder. The lawsuit argues that Gruden was targeted in the alleged leaks and that "there is no explanation or justification" for why the correspondence of others in the league was not exposed. Gruden had previously vowed that "the truth will come out" regarding unnamed others around the NFL. NFL sought closed-door arbitration The NFL has since made multiple attempts to strike down the lawsuit, arguing that a clause in Gruden's contract with the Raiders requires him to seek dispute settlement via arbitration. Gruden's attorneys have argued that the clause doesn't apply since he his no longer an employee of the Raiders and that his dispute is with the NFL, not the Raiders. In 2022, Nevada 8th Judicial District Court Judge Nancy Allf denied the NFL's effort to dismiss the lawsuit and ruled that the case could continue in open court. NFL spokesman Brian McCarthy dismissed Gruden's lawsuit as meritless after the district court ruling and vowed to appeal. 'The allegations are entirely meritless and the NFL will vigorously defend against these claims,' McCarthy's 2022 statement reads.
Yahoo
11 minutes ago
- Yahoo
Sinclair launches strategic review of broadcast unit, weighs spinoff of Ventures
(Reuters) -Sinclair said on Monday its board has authorized a strategic review of the company's broadcast business and it is considering a separation of its Ventures portfolio, sending its shares up 15% in extended trading. The review comes as media companies are exploring options for their cable TV businesses, as audiences rapidly abandon linear TV in favor of streaming platforms. Sinclair owns, operates and provides services to 178 television stations in 81 markets. The Ventures portfolio is comprised of Sinclair's private equity and real-estate assets, a cable network that includes coverage of most of tennis' top tournaments called the Tennis Channel, as well as its ad tech unit, Digital Remedy. "We expect separating Ventures will crystallize significant value that the market has overlooked within our current structure, giving us even more flexibility to drive our broadcast strategy forward," CEO Chris Ripley said. The Ventures business made nearly $11 million in minority investments during the second quarter. The company cautioned that the strategic review may not result in any transaction or change. For the quarter ended June 30, Sinclair's total revenues decreased 5% to $784 million. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
