"Tracked as CVE-2026-21385, the flaw is a memory corruption vulnerability that arises from an integer overflow or graphics wraparound condition. Left unaddressed, it enables a threat actor to bypass security controls and take over the targeted system. It affects well over 200 chipsets in widespread use, according to Qualcomm, which said it was first reported in December 2025 by the Google Android Security Team."
"In its March Security Bulletin, which additionally addresses over 100 other flaws in Android and related components thereof, Google said 'there are indications that CVE-2026-21385 may be under limited, targeted exploitation'. Google's choice of wording suggests that CVE-2026-21385 is being used by a state-linked surveillance operation as, historically, this has been the case with a great many zero-days that ultimately endanger smartphone devices."
"Adam Boynton, senior enterprise strategy manager at Jamf, a specialist in Android and iOS security, said the Qualcomm zero-day would be of particular concern to security teams because although it has been patched by Google, it is OEMs and mobile carriers who really control when the patch trickles down and reaches the actual devices in people's pockets. In enterprise environments, that gap can stretch from days to months."
CVE-2026-21385, a memory corruption vulnerability caused by integer overflow in Qualcomm chipsets, affects more than 200 widely-used chipsets and enables attackers to bypass security controls and compromise targeted systems. First reported by Google's Android Security Team in December 2025, Qualcomm notified customers in February 2026 with fixes available since January. Google's March Security Bulletin indicates limited, targeted exploitation, suggesting possible state-linked surveillance involvement. The vulnerability poses particular concern because while Google has patched it, OEMs and mobile carriers control patch distribution timelines, creating delays of days to months before reaching consumer devices.
Read at ComputerWeekly.com
Unable to calculate read time
Collection
[
|
...
]