Chipmaker Giant Qualcomm paps are circulating Monday by setting a series of vulnerable points in dozens of brands, including three zero days that the company said it could be used as part of hacking campaigns.
Qualcomm reported the Google threat analysis group or TAG, which is investigating government government representations, saying that the three defects “may be limited, targeted exploitation”.
According to the company’s Bulletin, Google’s Android Security Team reported the three zero days (CVE-2025-21479, CVE-2025-21480 and CVE-2025-27038) at Qualcomm in February. Zero days are security vulnerabilities that are not known to the software or hardware manufacturer at the time of their discovery, making them extremely valuable to cybercrime and government hackers.
Due to the open source and distributed nature of Android, it now depends on device manufacturers to apply the patches provided by Qualcomm, which means that some devices may be vulnerable for several weeks, despite the fact that there are patches.
Contact us
Do you have more information about these zero days Qualcomm? Or other zero -day farms or zero -day manufacturers? From a device and non-work network, you can contact Lorenzo Franceschi-bicchierai safely on the mark on +1 917 257 1382, or through the telegram and keybase @lorenzofb or email.
Qualcomm told the Bulletin that the patches “are allocated [device makers] In May, along with a strong recommendation for the development of information on devices affected as soon as possible. ”
Google Ed Fernandez’s spokesman told TechCrunch that the company’s Pixel devices are not affected by these Qualcomm vulnerabilities.
Kimberly Samra, a spokesman for Google’s label, did not immediately provided further information about these vulnerabilities and the conditions in which they were tagged.
Qualcomm recognized corrections. “We encourage end users to apply security updates as they are available from device manufacturers,” said Dave Schefcik spokesman.
Mobile chipsets are frequent targets for hackers and zero -day exploitation developers, because brands generally have wide access to the rest of the operating system, which means that hackers can jump from there to other parts of the device that can hold sensitive data.
In recent months, cases have been documented against Qualcomm Chipsets. Last year, Amnesty International recognized a zero day of Qualcomm used by the Serbian authorities, possibly using the Cellebrite phone unlock manufacturer.
Was informed to include Qualcomm’s spokesman’s comment.
