Android Update Patches Exploited Qualcomm Zero-Day

"The exploited flaw, tracked as CVE-2026-21385 (CVSS score of 7.8) and impacting the graphics component of over 200 Qualcomm chipsets, is described as an integer overflow or wraparound issue leading to memory corruption while using alignments for memory allocation."
"According to Jamf senior enterprise strategy manager Adam Boynton, the successful exploitation of the weakness could allow attackers to 'bypass security controls and gain unauthorised control over the system'."
"'There are indications that CVE-2026-21385 may be under limited, targeted exploitation,' Google notes in Android's March 2026 security bulletin."
"The first part of the updates, rolling out as the 2026-03-01 security patch level, contains fixes for over 50 vulnerabilities in the Framework and System components, including critical flaws leading to remote code execution (RCE) and denial-of-service (DoS)."
Google announced Android security updates addressing approximately 130 vulnerabilities, including CVE-2026-21385, an exploited zero-day affecting Qualcomm's graphics component across over 200 chipsets. This integer overflow vulnerability enables memory corruption and allows attackers to bypass security controls and gain unauthorized system access. The flaw was reported December 18, 2025, with Qualcomm notifying customers February 2 and public disclosure occurring Monday. Google indicates limited, targeted exploitation is occurring. Updates deploy in two phases: the 2026-03-01 patch addresses over 50 Framework and System vulnerabilities including critical remote code execution flaws, while the 2026-03-05 patch resolves over 60 kernel and chipset vulnerabilities.
Read at SecurityWeek
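The bug class named above, an integer overflow while rounding an allocation size up to an alignment, is shown here as an added example. It is a generic illustration, not Qualcomm's driver code, and the details of CVE-2026-21385 are not on this page; the function names and sample requests are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked round-up to a power-of-two alignment (hypothetical helper).
 * size + align - 1 wraps modulo 2^32 when size is close to UINT32_MAX, so the
 * "aligned" size can come out far smaller than the size that was requested. */
static uint32_t align_up_unchecked(uint32_t size, uint32_t align)
{
    return (size + align - 1) & ~(align - 1);
}

/* Checked variant: rejects an invalid alignment and any request whose
 * rounded-up size would not fit in 32 bits. Writes *out only on success. */
static bool align_up_checked(uint32_t size, uint32_t align, uint32_t *out)
{
    if (align == 0 || (align & (align - 1)) != 0)
        return false;                      /* not a power of two */
    if (size > UINT32_MAX - (align - 1))
        return false;                      /* size + align - 1 would wrap */
    *out = (size + (align - 1)) & ~(align - 1);
    return true;
}

int main(void)
{
    /* Constructed sample requests: {size, alignment}. */
    const uint32_t reqs[][2] = {
        {100, 64}, {4096, 4096}, {0xFFFFFFF0u, 4096}, {100, 48},
    };

    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        uint32_t safe = 0;
        bool ok = align_up_checked(reqs[i][0], reqs[i][1], &safe);

        printf("size=0x%08lx align=%lu unchecked=0x%08lx checked=",
               (unsigned long)reqs[i][0], (unsigned long)reqs[i][1],
               (unsigned long)align_up_unchecked(reqs[i][0], reqs[i][1]));
        if (ok)
            printf("0x%08lx\n", (unsigned long)safe);
        else
            printf("rejected\n");
    }
    return 0;
}
```

For the third request the unchecked helper returns 0 for a size of nearly 4 GiB, which is how a later copy sized by the original request ends up writing past an undersized buffer; the checked helper refuses the request instead.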