Latest news with #CVE-2025-21479
Daily Record
3 days ago
- Daily Record
Android users given 'critical' warning and urged to restart their devices now
Google has released a vital update and has urged users to follow their advice. Android users are being urged to update their smartphones as soon as possible. A new security update from Google has been released that fixes bugs in the system that have been given a 'critical' rating. For those wanting to keep their devices safe, it is vital to follow the tech firm's advice. Fixing a total of six issues currently within Android's platform, everyone who uses the popular operating system is being urged to pay attention to the current security update. While this may seem like a smaller update compared to other months, this does not mean it should be ignored for a later date. In fact, one expert has said the criticality "cannot be understated". Adam Boynton, senior security manager EMEIS at Jamf, highlighted some of the key reasons why Android users should follow the Goolge advice. He said: "While August's Android Security Bulletin is lighter in volume compared to earlier this year, the criticality of the patched issues cannot be understated. "Perhaps most concerning is CVE‑2025‑48530, a critical system-level vulnerability allowing remote code execution without user interaction." This means that if Android users ignore this crucial update, they could be leaving their phone vulnerable to being overhauled and controlled by a hacker. The most worrying part is that the smartphone user wouldn't even be aware it was happening, reports the Express. On top of this, the latest system update also fixes an issue that could lead to targeted exploitation if ignored. This significant threat was discovered by tech giant Qualcomm. They confirmed: "There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation. "Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May together with a strong recommendation to deploy the update on affected devices as soon as possible." While experts are unsure if Android users have been under attack by hackers, it is best to proceed with caution and update your device when alerted of a system upgrade. As Google provides their software and system updates to all Android devices, the Google Pixel smartphones will be the first to receive the update alert. Other manufacturers such as Samsung, OnePlus and Motorola will then send out their own updates in the coming weeks to provide the latest level of security to your phones. In order to not miss this update, it is important to keep an eye on your settings app. If there is a system update available, it is important to install it straight away and restart your device in order to provide an extra wall of security against current and future hacks. Hacking into your phone's system isn't the only way that cyber crooks can infiltrate your tech and steal your personal and financial data, they can also do so by controlling popular apps. Recently Action Fraud reported a spike in incidents on WhatsApp, which has seen hackers takeover accounts and start sending messages to your contacts to steal money and data. Those impacted by this attack have found themselves locked out of their accounts, which has stopped them from accessing their current chats or contacts to warn others of the breach. On X Action Fraud said: "Protect your WhatsApp account against hackers. We continue to see a rise in the number of reports relating to WhatsApp account takeovers." WhatsApp users can protect their accounts by authorising a two-step verification, being wary of any unexpected messages or requests and calling their contacts to help verify their identity. Join the Daily Record WhatsApp community! Get the latest news sent straight to your messages by joining our WhatsApp community today. You'll receive daily updates on breaking news as well as the top headlines across Scotland. No one will be able to see who is signed up and no one can send messages except the Daily Record team. All you have to do is click here if you're on mobile, select 'Join Community' and you're in! If you're on a desktop, simply scan the QR code above with your phone and click 'Join Community'. We also treat our community members to special offers, promotions, and adverts from us and our partners. If you don't like our community, you can check out any time you like. To leave our community click on the name at the top of your screen and choose 'exit group'.
Daily Mirror
4 days ago
- Daily Mirror
Everyone using Android must restart their phones now as 'critical' warning issued
If you use Android it's worth checking the settings and restarting your device. There's a very important alert for all Android users this week, and everyone using this popular operating system must pay attention. Google has just released a vital security update which fixes a total of six issues with its smartphone platform. That already sounds scary but some of the bugs are so bad they have been given the 'critical' rating, which means the update should be installed as soon as possible. 'While August's Android Security Bulletin is lighter in volume compared to earlier this year, the criticality of the patched issues cannot be understated," Adam Boynton, Senior Security Strategy Manager EMEIA at Jamf explained. "Perhaps most concerning is CVE‑2025‑48530, a critical system-level vulnerability allowing remote code execution without user interaction." That warning basically means a hacker could take control of a phone, and the owner would be completely unaware. Another reason not to ignore the new release is that it fixes an issue discovered by tech giant Qualcomm, which could allow targeted exploitation - it remains a significant threat. "There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation," Qualcomm confirmed. "Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May together with a strong recommendation to deploy the update on affected devices as soon as possible." It's unclear if consumers have been hit by the issue or faced attack from hackers but it's not a good idea to ignore this latest update or become complacent. Like all Android releases, Pixel phones will be the first to see the changes with other manufacturers then releasing their own fixes in the coming weeks. It's now a good idea to keep an eye on your settings. If you spot a systems update install it and restart your phone without delay. That will make sure it stays protected from any current or future attacks.
Tom's Guide
4 days ago
- Tom's Guide
Google's August security patches include a fix for these two Qualcomm flaws — update right now
Google has released security patches for six total vulnerabilities in its Android August 2025 update including two for Qualcomm flaws that have been used in targeted attacks. As reported by Bleeping Computer, both flaws were initially reported by Google's Android Security team in January 2025. The first bug (tracked as CVE-2025-21479) is a weakness in the graphics framework that can lead to memory corruption because of an unauthorized command execution in the GPU microcode. Meanwhile, the second bug (tracked as CVE-2025-27038), is a use-after-free vulnerability which also causes memory issues, this time while rendering graphics using Adreno GPU drivers in Chrome. In June, Google integrated the patches Qualcomm had announced. That same month, Qualcomm also stated that there had been evidence from Google's Threat Analysis Group that the two security bugs had been exploited in targeted attacks. In the same announcement, the company said that the patches for its Adreno GPU had been made available to OEMs in May and strongly recommended that those companies deploy the update. Additionally, these two security bugs were added to CISA's catalog as well, making it on the list of actively exploited vulnerabilities on June 3rd. CISA ordered federal agencies to update and secure their devices by June 24th. Other updates in the Android August 2025 security update include a security vulnerability in the System component that attackers, even those without the necessary privileges, can use to achieve remote code execution when chained with other flaws but only in attacks that don't require user interaction. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. The two sets of security patches that have been issued are 8/1/2025 and 8/5/2025; as usual, Pixel devices will immediately receive updates while other handsets will have theirs rolled out as the hardware manufacturers have time to test the updates against the hardware configurations. Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.
Yahoo
04-06-2025
- Business
- Yahoo
Android chipmaker Qualcomm fixes three zero-days exploited by hackers
Chipmaker giant Qualcomm released patches on Monday fixing a series of vulnerabilities in dozens of chips, including three zero-days that the company said may be in use as part of hacking campaigns. Qualcomm cited Google's Threat Analysis Group, or TAG, which investigates government-backed cyberattacks, saying the three flaws 'may be under limited, targeted exploitation.' According to the company's bulletin, Google's Android security team reported the three zero-days (CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038) to Qualcomm in February. Zero-days are security vulnerabilities that are not known to the software or hardware maker at the time of their discovery, making them extremely valuable for cybercriminals and government hackers. Because of Android's open source and distributed nature, it's now up to device manufacturers to apply the patches provided by Qualcomm, which means some devices may still be vulnerable for several more weeks, despite the fact that there are patches available. Do you have more information about these Qualcomm zero-days? Or other zero-day exploits or zero-day makers? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. Qualcomm said in the bulletin that the patches 'have been made available to [device makers] in May together with a strong recommendation to deploy the update on affected devices as soon as possible.' Google spokesperson Ed Fernandez told TechCrunch that the company's Pixel devices are not affected by these Qualcomm vulnerabilities. Kimberly Samra, a spokesperson for Google's TAG did not immediately provide more information about these vulnerabilities, and the circumstances in which TAG found them. Qualcomm acknowledged the fixes. "We encourage end users to apply security updates as they become available from device makers," said company spokesperson Dave Schefcik. Chipsets found in mobile devices are frequent targets for hackers and zero-day exploit developers because chips generally have wide access to the rest of the operating system, which means hackers can jump from there to other parts of the device that may hold sensitive data. In the last few months, there have been documented cases of exploitation against Qualcomm chipsets. Last year, Amnesty International identified a Qualcomm zero-day that was being used by Serbian authorities, likely by using phone unlocking tool maker Cellebrite. Updated to include Qualcomm's spokesperson comment. Sign in to access your portfolio
India Today
04-06-2025
- Business
- India Today
Qualcomm fixes multiple zero-day chip flaws after Google warns of active exploits by hackers
Chipmaker Qualcomm has rolled out security patches to fix three serious zero-day vulnerabilities affecting its Adreno GPU (graphics processing unit) driver, after Google warned that hackers were actively exploiting these flaws in targeted attacks. The issues came to light after Google's Threat Analysis Group (TAG) shared evidence that the vulnerabilities — tracked as CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038 — were being used in the wild. These flaws affect dozens of chipsets and could allow attackers to gain control of a device or install are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation,' Qualcomm said in a security advisory on first two vulnerabilities, CVE-2025-21479 and CVE-2025-21480, were reported to Qualcomm in January by Google's Android Security team. These issues are related to incorrect authorisation in the GPU's graphics framework, which can lead to memory corruption. The third flaw, CVE-2025-27038, was reported in March and is described as a use-after-free bug – a type of memory corruption that happens when a program continues to use memory after it has been freed. The third vulnerability is believed to be connected to the rendering process in Chrome when using Adreno GPU said it provided patches for all three vulnerabilities to original equipment manufacturers (OEMs) in May. The company says that the patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May together with a strong recommendation to deploy the update on affected devices as soon as the specific devices affected were not listed, Qualcomm advised users to contact their device makers for patch information. 'We encourage end users to apply security updates as they become available from device makers,' Qualcomm spokesperson Dave Schefcik said in a also confirmed that its Pixel line of smartphones were not affected by these vulnerabilities, a Google spokesperson told situation is more serious for some Android users, as Google's TAG team also discovered signs of spyware being used alongside these flaws. According to a report from Bleeping Computer, TAG found evidence that attackers used these vulnerabilities to install a spyware called NoviSpy, which can bypass Android's built-in security and gain deep access to a spyware was reportedly installed using a full exploit chain, which involves combining multiple bugs to bypass protections and gain control of the device at the kernel level, which is the deepest layer of the operating discovery adds to growing concerns about how sophisticated threat actors are finding ways to exploit hardware and software vulnerabilities for targeted the fixes now available, Qualcomm and Google are urging phone makers to push the patches to users as soon as possible to prevent further misuse of these security holes. Users, in turn, are advised to keep their devices updated and stay alert for software updates issued by their phone manufacturers.
