Google has launched security patches for six vulnerabilities in Android’s August 2025 security replace, together with two Qualcomm flaws exploited in focused assaults.
The 2 security bugs, tracked as CVE-2025-21479 and CVE-2025-27038, have been reported by means of the Google Android Safety group in late January 2025.
The primary is a Graphics framework incorrect authorization weak point that may result in reminiscence corruption on account of unauthorized command execution within the GPU micronode whereas executing a selected sequence of instructions. CVE-2025-27038, however, is a use-after-free vulnerability that causes reminiscence corruption whereas rendering graphics utilizing Adreno GPU drivers in Chrome.
Google has now built-in the patches introduced by Qualcomm in June, when the wi-fi tech big warned that “There are indications from Google Risk Evaluation Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 could also be below restricted, focused exploitation.”
“Patches for the problems affecting the Adreno Graphics Processing Unit (GPU) driver have been made out there to OEMs in Could along with a robust advice to deploy the replace on affected units as quickly as doable,” Qualcomm stated.
CISA has additionally added the 2 security bugs to its catalog of actively exploited vulnerabilities on June third, ordering federal companies to safe their units towards ongoing assaults by June 24.
With this month’s Android security updates, Google has additionally fastened a essential security vulnerability within the System part that attackers with no privileges can exploit to realize distant code execution when chained with different flaws in assaults that do not require consumer interplay.
Google has issued two units of security patches: the 2025-08-01 and 2025-08-05 security patch ranges. The latter bundles all fixes from the primary batch and patches for closed-source third-party and kernel subcomponents, which can not apply to all Android units.
Whereas Google Pixel units obtain security updates instantly, different distributors will usually take longer to check andtweak them for his or her particular {hardware} configurations.
In March, Google additionally patched two zero-day vulnerabilities exploited in focused assaults by Serbian authorities to unlock confiscated Android units.
Final November, the corporate addressed a second Android zero-day (CVE-2024-43047) utilized by the Serbian authorities in NoviSpy spy ware assaults, which was first tagged as exploited by Google Mission Zero in October.
Malware concentrating on password shops surged 3X as attackers executed stealthy Excellent Heist situations, infiltrating and exploiting essential methods.
Uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and how one can defend towards them.
