Phone chipmaker Qualcomm fixes three zero-days exploited by hackers

Core Insights - Qualcomm has released patches addressing multiple vulnerabilities in its chips, including three zero-day vulnerabilities that may be exploited in targeted hacking campaigns [1][4] - Google's Threat Analysis Group reported these zero-days to Qualcomm in February, highlighting their potential for exploitation by cybercriminals and government hackers [1][5] - The open-source nature of Android means that device manufacturers are responsible for applying these patches, which may leave some devices vulnerable for an extended period [2][4] Vulnerability Details - The three zero-day vulnerabilities identified are CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038 [1] - Qualcomm's bulletin indicates that patches were made available to device manufacturers in May, with a strong recommendation for prompt deployment [4] - Google confirmed that its Pixel devices are not affected by these vulnerabilities [4] Exploitation Context - Qualcomm chipsets are frequently targeted by hackers due to their extensive access to the operating system, allowing potential access to sensitive data [5] - There have been recent documented cases of exploitation against Qualcomm chipsets, including a zero-day identified by Amnesty International that was reportedly used by Serbian authorities [6]