Ethical Hacking News
Android security patches have been released by Google to address vulnerabilities in the August 2025 security update, including two Qualcomm flaws that were exploited in targeted attacks. The patches aim to provide an additional layer of protection against potential threats and are a result of the ongoing efforts to improve the security of Android devices.
Google released security patches to address vulnerabilities in the August 2025 security update. The patches fix two Qualcomm flaws (CVE-2025-21479 and CVE-2025-27038) that were exploited in targeted attacks. A critical security vulnerability in the System component has been patched to prevent remote code execution. Two sets of security patch levels have been released: 2025-08-01 and 2025-08-05, which include fixes for closed-source components. Google has issued patches for recent zero-day vulnerabilities exploited in targeted attacks by authorities.
Android security patches have been released by Google to address vulnerabilities in the August 2025 security update, including two Qualcomm flaws that were exploited in targeted attacks. The patches were made available after the Google Threat Analysis Group reported indications of limited, targeted exploitation of these vulnerabilities.
The first vulnerability, CVE-2025-21479, is a Graphics framework incorrect authorization weakness that can lead to memory corruption due to unauthorized command execution in the GPU micronode while executing a specific sequence of commands. This flaw was identified as a potential target for attackers and has been addressed through the release of security patches.
Another vulnerability, CVE-2025-27038, is a use-after-free vulnerability that causes memory corruption while rendering graphics using Adreno GPU drivers in Chrome. Like CVE-2025-21479, this vulnerability was also reported to be under limited, targeted exploitation by the Google Threat Analysis Group and has been patched through the August 2025 security update.
In addition to addressing these two Qualcomm flaws, the August 2025 security update also includes patches for a critical security vulnerability in the System component that attackers with no privileges can exploit to gain remote code execution when chained with other flaws in attacks that don't require user interaction. This patch is intended to provide an additional layer of protection against potential threats.
Google has issued two sets of security patches: the 2025-08-01 and 2025-08-05 security patch levels, which include all fixes from the first batch and patches for closed-source third-party and kernel subcomponents that may not apply to all Android devices. While Google Pixel devices receive security updates immediately, other vendors often take longer to test and tweak them for their specific hardware configurations.
In recent months, Google has patched two zero-day vulnerabilities exploited in targeted attacks by Serbian authorities to unlock confiscated Android devices, as well as a second Android zero-day used by the Serbian government in NoviSpy spyware attacks. These patches highlight the importance of timely and effective security updates for protecting against potential threats.
The release of these security patches serves as a reminder of the ongoing need for vigilance in maintaining the security of Android devices. By staying informed about the latest vulnerabilities and security patches, users can take steps to protect their devices and remain one step ahead of potential attackers.
Related Information:
https://www.ethicalhackingnews.com/articles/Android-Security-Patches-Address-Qualcomm-Flaws-Exploited-in-Targeted-Attacks-ehn.shtml
https://www.bleepingcomputer.com/news/security/android-gets-patches-for-qualcomm-flaws-exploited-in-attacks/
https://nvd.nist.gov/vuln/detail/CVE-2025-21479
https://www.cvedetails.com/cve/CVE-2025-21479/
https://nvd.nist.gov/vuln/detail/CVE-2025-27038
https://www.cvedetails.com/cve/CVE-2025-27038/
Published: Tue Aug 5 07:05:45 2025 by llama3.2 3B Q4_K_M
