Qualcomm Resolves Three Zero-Day Vulnerabilities Targeting Android Devices Through Adreno GPU

June 02, 2025
Spyware / Vulnerability

Qualcomm has released security updates to address three zero-day vulnerabilities that have been exploited in limited, targeted attacks. These flaws, responsibly disclosed by the Google Android Security team, include:

  • CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6): Two incorrect authorization vulnerabilities in the Graphics component that could lead to memory corruption due to unauthorized command execution in GPU microcode during specific command sequences.

  • CVE-2025-27038 (CVSS score: 7.5): A use-after-free vulnerability in the Graphics component that may result in memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

According to Qualcomm’s advisory, the Google Threat Analysis Group has indicated that CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038 might be under limited, targeted exploitation. Patches have been issued to resolve the vulnerabilities affecting the Adreno graphics architecture.

Qualcomm Addresses Critical Security Flaws Exploited in Targeted Android Attacks

On June 2, 2025, Qualcomm announced the release of vital security updates aimed at mitigating three zero-day vulnerabilities that have reportedly been leveraged in targeted attacks against Android devices. These vulnerabilities, identified in collaboration with the Google Android Security team, pose significant risks due to their potential exploitation in real-world scenarios.

The vulnerabilities include CVE-2025-21479 and CVE-2025-21480, both of which are categorized as incorrect authorization issues within the Graphics component. These flaws can lead to memory corruption as a result of unauthorized command executions in the GPU microcode when specific sequences are followed. The Common Vulnerability Scoring System (CVSS) rates these vulnerabilities with a high severity score of 8.6, indicating their critical nature and the potential for severe impact if exploited.

Another notable vulnerability, CVE-2025-27038, is classified as a use-after-free vulnerability within the Graphics component. This flaw can similarly result in memory corruption while rendering graphics through Adreno GPU drivers, particularly in the Chrome browser. This vulnerability rates slightly lower on the CVSS scale, with a score of 7.5, yet remains a significant concern within the cybersecurity landscape.

Qualcomm’s advisory highlights concerns raised by the Google Threat Analysis Group, suggesting that the aforementioned vulnerabilities are currently experiencing limited yet targeted exploitation. Such claims prompt scrutiny, particularly for businesses reliant on Android platforms, as the risks posed by these vulnerabilities could have implications for data security and operational integrity.

The targeting of Qualcomm’s GPU components draws attention to broader cybersecurity tactics potentially used by adversaries. According to the MITRE ATT&CK framework, the exploitation of these vulnerabilities might involve techniques related to initial access and privilege escalation. Specifically, attackers could gain unauthorized access to the system and exploit these vulnerabilities to execute arbitrary code, thereby increasing their control over affected devices.

Qualcomm’s prompt action to address these vulnerabilities underscores the urgency of implementing security measures for businesses utilizing Android technology. The affected devices, primarily found in sectors involving sensitive information, necessitate immediate updates to protect against these emerging threats.

For business owners, awareness and proactive management of such vulnerabilities are essential to safeguard against potentially devastating security breaches. The ongoing evolution of threats in the cybersecurity landscape emphasizes the importance of remaining informed and vigilant regarding software updates and vulnerability disclosures. As Qualcomm moves to mitigate these identified risks, all stakeholders must prioritize their cybersecurity strategies to adapt to the evolving threat environment.

Source link

Related Posts

China-Linked Hackers Target SAP and SQL Server Vulnerabilities in Attacks Across Asia and Brazil

May 30, 2025
Vulnerability / Threat Intelligence

A China-linked threat group has been identified as the source of recent attacks exploiting a critical security flaw in SAP NetWeaver, part of a larger campaign against organizations in Brazil, India, and Southeast Asia that began in 2023. According to Trend Micro security researcher Joseph C. Chen, the attackers primarily exploit SQL injection vulnerabilities in web applications to infiltrate SQL servers of targeted entities. “The actor also leverages various known vulnerabilities to compromise public-facing servers,” Chen noted in a recent analysis. Key targets have included Indonesia, Malaysia, the Philippines, Thailand, and Vietnam. Trend Micro is tracking this activity under the name Earth Lamia, which shows some overlap with threat clusters reported by Elastic Security Labs as REF0657, Sophos as STAC6451, and Palo Alto Networks’ Unit 42.

Security Flaws in Preinstalled Apps on Ulefone and Krüger&Matz Phones Allow Unauthorized Device Resets and PIN Theft

Three security vulnerabilities have been identified in preloaded Android applications on Ulefone and Krüger&Matz smartphones. These flaws enable any installed app to factory reset the device and potentially encrypt other applications. Key details of the vulnerabilities include:

  • CVE-2024-13915 (CVSS score: 6.9): A pre-installed “com.pri.factorytest” app on Ulefone and Krüger&Matz devices exposes a service that permits any app to execute a factory reset.

  • CVE-2024-13916 (CVSS score: 6.9): The “com.pri.applock” app on Krüger&Matz smartphones allows users to encrypt apps using a PIN or biometric data. This app also exposes a method that lets malicious apps access sensitive fingerprint data.

Urgent Chrome Zero-Day Vulnerability Being Actively Exploited; Google Releases Emergency Patch

June 3, 2025
Browser Security / Vulnerability

On Monday, Google announced emergency fixes for three security vulnerabilities in its Chrome browser, including a critical flaw currently being exploited in the wild. This high-severity issue, tracked as CVE-2025-5419 (CVSS score: 8.8), pertains to an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine. According to the National Vulnerability Database (NVD), “Out-of-bounds read and write in V8 in Google Chrome prior to version 137.0.7151.68 allowed remote attackers to potentially exploit heap corruption via a specially crafted HTML page.” The flaw was identified and reported by Clement Lecigne and Benoît Sevens of Google’s Threat Analysis Group (TAG) on May 27, 2025, and was promptly addressed the following day with a configuration update to the Stable version of Chrome across all platforms. As is typical, the advisory provides limited details concerning the…

Critical 10-Year Vulnerability in Roundcube Webmail Allows Code Execution by Authenticated Users

On June 3, 2025, cybersecurity researchers revealed a significant security flaw in Roundcube webmail software, active for a decade, that could enable authenticated users to execute malicious code on vulnerable systems. Classified as CVE-2025-49113, the vulnerability has a CVSS score of 9.9 out of 10, highlighting its severity. It involves post-authentication remote code execution through PHP object deserialization. According to the National Vulnerability Database (NVD), “Roundcube Webmail versions before 1.5.10 and 1.6.x prior to 1.6.11 allow authenticated users to execute remote code due to the lack of validation for the _from parameter in the URL in program/actions/settings/upload.php.” This flaw affects all versions up to and including 1.6.10 but has been patched in versions 1.6.11 and 1.5.10 LTS. The vulnerability was discovered and reported by Kirill Firsov, founder and CEO of FearsOff.