Google's Biggest Android Security Update in Years Fixes 129 Bugs, Including an Actively Exploited Zero-Day
Briefly

"The March 2026 Android Security Bulletin, published Monday, addresses 129 vulnerabilities across the mobile operating system. It's the highest number of patches in a single month since April 2018. But one vulnerability in particular has security teams on high alert: CVE-2026-21385, a zero-day flaw that Google confirms is already under attack."
"The vulnerability resides in an open-source Qualcomm graphics component and affects 234 different chipsets, according to Qualcomm's security advisory. Google's Threat Analysis Group discovered the flaw and reported it to Qualcomm on December 18, 2025. The technical nature of the flaw makes it particularly dangerous. The vulnerability is an integer overflow issue in the Graphics subcomponent that leads to memory corruption."
"There are indications that CVE-2026-21385 may be under limited, targeted exploitation. While the company didn't provide details about who's being targeted or how widespread the attacks are, Qualcomm confirmed that fixes were made available to device manufacturers in January 2026."
Google published its largest Android security update in nearly eight years in March 2026, addressing 129 vulnerabilities across the mobile operating system. The update is particularly significant due to CVE-2026-21385, a zero-day flaw in an open-source Qualcomm graphics component affecting 234 different chipsets. Google's Threat Analysis Group discovered the vulnerability and reported it to Qualcomm in December 2025. The flaw involves an integer overflow issue in the Graphics subcomponent that causes memory corruption. Security teams are on high alert because the vulnerability is already under limited, targeted exploitation. Qualcomm made fixes available to device manufacturers in January 2026 and encourages users to apply security updates promptly.
Read at TechRepublic