Qualcomm Zero-Day Exploit Targets Android Devices – Update Now!

by Anika Shah - Technology
0 comments

Android Zero-Day Exploited: Urgent Security Updates Needed

A critical zero-day vulnerability in Qualcomm chipsets powering numerous Android devices is currently being exploited, prompting Google to release urgent security updates. The flaw, designated CVE-2026-21385, allows attackers to bypass security measures and potentially gain control of affected systems.

Details of the Vulnerability

CVE-2026-21385 is a high-severity memory corruption vulnerability stemming from an integer overflow or graphics wraparound condition within a Qualcomm graphics component . Qualcomm reported the vulnerability to Google’s Android Security Team on December 18, 2025, and notified customers on February 2, 2026 . The vulnerability impacts over 230 different chipset models , potentially affecting hundreds of millions of devices worldwide .

Limited, Targeted Exploitation

Google’s March 2026 Android Security Bulletin indicates “there are indications that CVE-2026-21385 may be under limited, targeted exploitation” . This suggests the vulnerability is being used in focused attacks, potentially by state-sponsored actors, rather than widespread, indiscriminate campaigns.

Additional Critical Vulnerabilities Patched

The March 2026 update addresses a total of 129 vulnerabilities, including a critical remote code execution (RCE) flaw (CVE-2026-0006) in the System component . Other patched vulnerabilities include a privilege escalation bug in Framework (CVE-2026-0047), a denial-of-service (DoS) in System (CVE-2025-48631), and seven privilege escalation flaws in Kernel components (CVE-2024-43859, CVE-2026-0037, CVE-2026-0038, CVE-2026-0027, CVE-2026-0028, CVE-2026-0030, and CVE-2026-0031) .

Patch Deployment Challenges

While Google has released patches, the rollout to end-user devices depends on Original Equipment Manufacturers (OEMs) and mobile carriers. Adam Boynton, senior enterprise strategy manager at Jamf, highlights that this process can accept days or even months, leaving devices vulnerable during the interim . The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-21385 to its Known Exploited Vulnerabilities catalogue, mandating Federal Civilian Executive Branch agencies to apply the updates by March 24 .

Apple iOS Also Targeted

Google’s Threat Intelligence Group (GTIG) also revealed a powerful exploit kit, “Coruna,” targeting Apple iPhones running iOS versions 13.0 through 17.2.01. This kit contains 23 exploits and has been linked to Russian intelligence and financially motivated cybercriminals .

Staying Protected

Users should ensure their Android devices are updated to patch level 2026-03-05 or later . Regularly checking for updates in Settings > About phone > Software updates is crucial. For those unable to update immediately, enabling Lockdown Mode on iOS devices is recommended.

Related Posts

Leave a Comment