Millions of Android Devices Targeted: Qualcomm Rushes to Patch Dangerous Zero-Day Flaws in Adreno GPUs
Qualcomm patches 3 critical Adreno GPU zero-days as threat actors exploit Android devices—act now to stay secure in 2025.
- 3 Zero-Days: Patched by Qualcomm, affecting Adreno GPUs
- Since January 2025: Vulnerabilities exploited in the wild
- Up to 8.6/10 Severity: High risk of memory corruption
- Millions Affected: Flagship, midrange, and budget Androids are vulnerable
If you own an Android smartphone, your device could be exposed—unless you act fast. Qualcomm, the tech giant powering most Android phones, has rolled out urgent fixes for three zero-day vulnerabilities in its flagship Adreno GPU, after months of silent exploitation in the cyber wild.
This latest security scare impacts a giant slice of the Android market, from Samsung and Google Pixel users to OnePlus, Xiaomi, and more. Left unpatched, attackers could target your phone using flaws capable of corrupting memory and hijacking sensitive data.
What Are the Latest Qualcomm Zero-Days?
The June 2025 Android Security Bulletin names three specific threats: CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038.
– The first two are incorrect authorization bugs—software slip-ups that allow hackers to bypass checks and tamper with your device’s vital memory. Both score a dangerous 8.6 out of 10.
– The third, a use-after-free flaw, can be chained for further attacks, earning a still-serious 7.5 severity.
All were discovered abused in the wild since January 2025—meaning attackers got a head start before Qualcomm slammed the brakes.
Are My Devices at Risk?
Chances are, yes—if your phone features a recent Qualcomm Snapdragon chip, you could be exposed. The list spans the Snapdragon 8 Gen 2 and Gen 3 (top-end flagships), the widely popular Snapdragon 778G, 695, and even entry-level chips like the 4 Gen 1 and Gen 2.
Popular brands affected include:
– Samsung Galaxy series
– Google Pixel phones
– OnePlus devices
– Xiaomi models
These vulnerabilities lurk in the Graphics component, embedded deep within your phone’s system.
Did Hackers Already Exploit These Flaws?
While Qualcomm and Google have kept tight-lipped on who was targeted and how, security teams detected real-world exploitation between January and May 2025. Reports from Google’s Threat Analysis Group point to targeted, covert abuse rather than mass attacks.
For context, similar vulnerabilities historically powered spyware from notorious groups like Variston and Cy4Gate. In late 2024, a related Qualcomm bug was weaponized by the Serbian secret service to breach Androids seized from journalists and activists.
For broader context on cyber-espionage and digital defense, visit The Hacker News and Kaspersky.
What Should I Do to Stay Safe Now?
Q: Will updating my phone fix the problem?
A: Yes—but only after your device manufacturer (OEM) pushes out the fix. Qualcomm has handed the patches to brands like Samsung, Google, and Xiaomi. It’s now up to them to include the update in their next security patch. Monitor your device for the June or July 2025 security update.
Q: How can I check if I’ve received the update?
A: Go to your device’s Settings > About Phone > Software Updates and tap ‘Check for Updates’. If your device is due, install the patch immediately.
Q: Are there any workarounds until my phone is patched?
A: Limit risky downloads, avoid suspect apps, and keep other security settings tightened. Use official app stores like Google Play for software.
How Were These Flaws Discovered?
Google’s expert Threat Analysis Group—famed for sniffing out elite cyber-attacks—detected signs of exploitation in early 2025. Their forensics helped Qualcomm identify and squash the bugs for good.
Security experts warn that while mass campaigns aren’t yet seen, targeted attacks—especially against activists, journalists, or those with valuable data—are likely ongoing.
Protect Yourself: Next Steps
Don’t wait for headlines to catch up. Act now:
Checklist for Android Users:
- Check for security updates today and apply them ASAP.
- Set your phone to auto-update if available.
- Avoid installing apps from unknown sources or unofficial stores.
- Review device permissions and revoke anything suspicious.
- Spread the word to friends and family with Android devices.
Your phone’s safety is in your hands—stay vigilant, update regularly, and keep your digital world out of harm’s way.