Google has released security patch for six weaknesses in Android’s August 2025 security updates, including exploitation of two Qualcomm defects in targeted attacks.
Two safety insects tracked as Cve-2025-21479 And Cve-2025-27038In the end of January 2025, the Google android was informed through the security team.
The first is a graphics framework wrong authority weakness that can lead to memory corruption due to unauthorized command execution in the GPU micronode when executing a specific sequence of the command. On the other hand, CVE-2025-27038, is a use-free free vulnerability that causes memory corruption by using adreno GPU drivers in Chrome.
Google has now integrated the patch announced by Qualcomm, when the wireless tech veteran warned that “the Google threat analysis group indicates that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, under target exploitation.”
The patch for issues affecting the Adreno Graphics Processing Unit (GPU) driver has been made available to OEMS in May, as well as a strong recommendation to deploy the update on the affected equipment as soon as possible, “Qualcomm said.
CISA Also added On June 3, two security bugs for their catalogs actively exploited weaknesses ordered federal agencies to secure their equipment against the attacks going on till 24 June.
With the Android security updates of this month, Google has also decided to exploit a significant safety vulnerability in the system component that attackers with no privilege can exploit to obtain distance code execution when the attacks have chains with other flaws that do not require user interaction.
Google has released two sets of security patch: 2025-08-01 And 2025-08-05 Security patch level. The latter bundles first fixed the patch for all fix and close-sources third-party and kernel subcontinants from the first batch, which could not be applied to all Android devices.
While Google Pixel devices get immediate safety updates, other vendors will often take longer to test for their specific hardware configurations.
In March, Google exploited two zero-day weaknesses in target attacks to unlock Android devices seized by Serbian authorities.
Last November, the company addressed another Android Zero-Day (CVE-2024-43047) used by the Serbian government in the Novisky spyware attacks, which was first tagged as exploitation by Google Project Zero in October.
Malware targeting password stores increased 3x as the attackers secretly carried out the perfect history landscape, infiltrated and exploited important systems.
Search for the top 10 Metter Att & CK techniques behind the 93% attacks and how to defend them.
