Particle.news
Download on the App Store
5 ARTICLES
·
6d ago

Qualcomm Patches Three Adreno GPU Zero-Days Targeted in Spyware Campaigns

Google’s warning of in-the-wild exploits has prompted urgent deployment of Qualcomm’s fixes ahead of a June 24 federal device update deadline.

A person holding up two Samsung phones, one in each hand, at a Samsung event in 2019.
Image
Qualcomm has not disclosed which products are impacted by the security flaws
Image

Overview

  • Google’s Threat Analysis Group uncovered active exploitation of CVE-2025-21479, CVE-2025-21480 and CVE-2025-27038 in limited, targeted attacks.
  • Qualcomm distributed patches for the Adreno GPU driver flaws to device makers in May, urging immediate updates.
  • The vulnerabilities arise from incorrect authorization in the GPU graphics framework and a use-after-free bug that enabled installation of spyware such as NoviSpy.
  • While Google’s Pixel devices are unaffected, other Android handsets remain vulnerable until manufacturers complete patch rollout.
  • CISA has mandated that federal employees update or discontinue use of at-risk devices by June 24, 2025 to comply with security requirements.