Phone chipmaker Qualcomm fixes three zero-days exploited by hackers

Qualcomm, a leading chip manufacturer, announced on Monday the release of crucial updates to address multiple vulnerabilities across its chipsets, including three zero-day exploits that are reportedly being utilized in hacking operations. The company referenced insights from Google’s Threat Analysis Group (TAG), which focuses on investigating cyberattacks linked to government entities, highlighting that these three vulnerabilities could be under specific, targeted exploitation. The identified zero-days, cataloged as CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038, were disclosed to Qualcomm by Google’s Android security team back in February. Zero-day vulnerabilities are particularly perilous as they are unknown to the developers at the time of their discovery, making them highly sought after by cybercriminals and state-sponsored hackers. Due to the open-source nature of Android, it is now the responsibility of device manufacturers to implement the patches offered by Qualcomm, which raises concerns that many devices may remain at risk for weeks, despite the availability of fixes. Qualcomm indicated in their advisory that these patches were made accessible to device manufacturers in May, along with a strong recommendation for prompt deployment on impacted devices. A Google representative confirmed to TechCrunch that their Pixel devices are not vulnerable to these Qualcomm issues. However, a response from TAG regarding additional details of the vulnerabilities and the context of their discovery has not yet been provided. Qualcomm has not commented further. Mobile chipsets are often prime targets for hackers and zero-day exploit developers as they typically have extensive access to the operating system, allowing for potential breaches into sensitive data areas. Recent months have seen documented instances of exploitation targeting Qualcomm chipsets, with Amnesty International revealing a Qualcomm zero-day that was allegedly exploited by Serbian authorities through a phone unlocking tool developed by Cellebrite.