Qualcomm fixes three Adreno GPU Zero-Days exploited in Attacks
"Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May together with a strong recommendation to deploy the update on affected devices as soon as possible." Qualcomm said in a advisory.
https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html#Annref
![Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit [GPU] driver that impact dozens of chipsets and are actively exploited in targeted attacks.
The company says two critical flaws [tracked as CVE-2025-21479 and CVE-2025-21480] were reported through the Google Android Security team in late January, and a third high-severity vulnerability [CVE-2025-27038] was reported in March.
<https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html#_cve-2025-21479>
<https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html#_cve-2025-21480>
<https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html#_cve-2025-27038>
The first two are both Graphics framework incorrect authorization weaknesses that can lead to memory corruption because of unauthorized command execution in the GPU micronode while executing a specific sequence of commands, while CVE-2025-27038 is a use-after-free causing memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
"There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation," Qualcomm warned in a advisory.](https://nerdculture.de/system/media_attachments/files/114/692/977/572/351/729/original/0bead9cd86a13999.jpeg "Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit [GPU] driver that impact dozens of chipsets and are actively exploited in targeted attacks.
The company says two critical flaws [tracked as CVE-2025-21479 and CVE-2025-21480] were reported through the Google Android Security team in late January, and a third high-severity vulnerability [CVE-2025-27038] was reported in March.
<https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html#_cve-2025-21479>
<https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html#_cve-2025-21480>
<https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html#_cve-2025-27038>
The first two are both Graphics framework incorrect authorization weaknesses that can lead to memory corruption because of unauthorized command execution in the GPU micronode while executing a specific sequence of commands, while CVE-2025-27038 is a use-after-free causing memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
\"There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation,\" Qualcomm warned in a advisory.")
Qualcomm introduces AR1+ Gen 1 chip for local AI assistance on smart glasses
Qualcomm has presented the AR1+ Gen 1 chip, which is designed to enable AI features to be executed more efficiently and locally on smart glasses.
Qualcomm stellt AR1+ Gen 1-Chip für lokale KI-Assistenz auf Smartbrillen vor
Qualcomm hat den AR1+ Gen 1-Chip vorgestellt, der die Ausführung von KI-Features auf Smartbrillen effizienter und lokal auf den Geräten ermöglichen soll.
Qualcomm lança chip que promete óculos inteligentes com IA totalmente autónoma
https://tugatech.com.pt/t67951-qualcomm-lanca-chip-que-promete-oculos-inteligentes-com-ia-totalmente-autonoma
Huawei: fundador admite que a empresa ainda está atrás dos EUA nos chips https://tugatech.com.pt/t67910-huawei-fundador-admite-que-a-empresa-ainda-esta-atras-dos-eua-nos-chips
Leveraging the power of NPU to run Gen AI tasks on Copilot+ PCs.
Tell #Qualcomm to release #FreeSoftware Wi-Fi firmware and drivers. https://freewifi.missionlibre.org/
#GlobalFoundries announces $16 billion #US chip production spend — striking spending boom follows demand from domestic customers
GlobalFoundries announced the decision in response to "unmet demand" in the U.S. for local clients such as #Apple & #Qualcomm.
GlobalFoundries specified that $13B of the funds will go towards expanding the company's existing #NewYork and #Vermont fabs, with the remaining $3B dedicated to researching advanced packaging and other new technologies.
https://www.tomshardware.com/tech-industry/semiconductors/globalfoundries-announces-usd16-billion-u-s-chip-production-spend-striking-spending-boom-follows-demand-from-domestic-customers
Phone chipmaker #Qualcomm fixes three zero-days exploited by hackers
U.S. #CISA adds Multiple #Qualcomm chipsets flaws to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/178610/hacking/u-s-cisa-adds-multiple-qualcomm-chipsets-flaws-to-its-known-exploited-vulnerabilities-catalog.html
#securityaffairs #hacking
Patchday Android: Attackers can gain higher rights
Important security updates close several gaps in Android 13, 14 and 15. Attackers are targeting devices with Qualcomm processors.
Patchday Android: Angreifer können sich höhere Rechte verschaffen
Wichtige Sicherheitsupdates schließen mehrere Lücken in Android 13, 14 und 15. Angreifer attackieren Geräte mit Qualcomm-Prozessor.
Bit-Rauschen, der Prozessor-Podcast: Die Neuheiten der Computex 2025
Prozessoren, Grafikchips, PC-Komponenten: Die Tops und Flops der taiwanischen IT-Messe Computex sind das Thema in Folge 2025/12 des Podcasts Bit-Rauschen.
#Qualcomm has released security patches for three #zeroday #vulnerabilities in the #Adreno Graphics Processing Unit (#GPU) driver that impact dozens of chipsets and are actively exploited in targeted attacks.
The company says two critical flaws (tracked as CVE-2025-21479 and CVE-2025-21480) were reported through the #Google #Android #Security team in late January, and a third high-severity vulnerability (CVE-2025-27038) was reported in March.
CISA has added to the KEV catalogue. The links currently are not available. 
Today's winner is Qualcomm.
- CVE-2025-27038: Qualcomm Multiple Chipsets Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-27038
- CVE-2025-21480: Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-21480
- CVE-2025-21479: Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-21479
- CISA Releases Three Industrial Control Systems Advisories https://www.cisa.gov/news-events/alerts/2025/06/03/cisa-releases-three-industrial-control-systems-advisories #CISA #cybersecurity #infosec #Qualcomm
Qualcomm fixed three zero-days exploited in limited, targeted attacks – Source: securityaffairs.com https://ciso2ciso.com/qualcomm-fixed-three-zero-days-exploited-in-limited-targeted-attacks-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #Qualcomm #Security #hacking #zeroday #Mobile
Google Pixel 10: lançamento apontado para agosto e novidades no evento 'Pixel Penthouse' https://tugatech.com.pt/t67529-google-pixel-10-lancamento-apontado-para-agosto-e-novidades-no-evento-pixel-penthouse
#Qualcomm fixed three zero-days exploited in limited, targeted Attacks
https://securityaffairs.com/178532/hacking/qualcomm-fixed-three-zero-days-exploited-in-limited-targeted-attacks.html
#securityaffairs #hacking
@tauon @sodiboo @silly @puppygirlhornypost2 yes and no.
There never were cool tools like the #DEBUG_CHAR module for #Qualcomm #Baseband|s on #iOS.
כָלב 
