Google Patches Multiple Android Security Flaws Including Qualcomm Vulnerabilities

Google has released security patches to address multiple vulnerabilities in its Android operating system, including two Qualcomm bugs that were flagged as actively exploited in the wild. The two bugs are CVE-2025-21479 and CVE-2025-27038, which involve incorrect authorization and use-after-free issues in the Graphics component.

These vulnerabilities follow similar patterns of abuse by commercial spyware vendors like Variston and Cy4Gate in the past, suggesting that they may also be exploited for malicious purposes. However, Google has not provided any details on how these vulnerabilities have been used in real-world attacks.

The vulnerabilities are now listed in the US Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the updates by June 24, 2025. Additionally, Google has resolved two high-severity privilege escalation flaws and a critical bug that could result in remote code execution.

Users are advised to apply the updates as soon as they become available to stay protected against potential threats.

Source: https://thehackernews.com/2025/08/google-fixes-3-android-vulnerabilities.html