Particle.news
Download on the App Store
5 ARTICLES
·
2w ago

Qualcomm Patches Three Exploited Zero-Days in Adreno GPU Driver

Many Android phones remain exposed to spyware risks pending OEM updates ahead of CISA’s June 24 compliance deadline.

A person holding up two Samsung phones, one in each hand, at a Samsung event in 2019.
Image
Qualcomm has not disclosed which products are impacted by the security flaws
Image

Overview

  • Qualcomm released security patches in May for three zero-day flaws—CVE-2025-21479, CVE-2025-21480 and CVE-2025-27038—after Google’s Threat Analysis Group flagged active exploits.
  • TAG investigators traced the vulnerabilities to targeted campaigns that installed NoviSpy spyware capable of bypassing Android’s built-in protections.
  • Device makers have started integrating Qualcomm’s fixes but staggered rollouts mean weeks-long delays before many users receive updates.
  • Google’s Pixel smartphones are unaffected because they run on the company’s Tensor chips rather than Adreno GPU drivers.
  • CISA has ordered federal agency staff to update or discontinue use of vulnerable devices by June 24 or implement alternative mitigations.