Google has released its monthly Android security update to fix two critical vulnerabilities in Qualcomm chips.
These flaws are already being actively exploited by hackers, putting devices like the Samsung Galaxy Z Fold 7, Galaxy Z Flip 7, and Xiaomi 15 Ultra at risk. Users are strongly advised to install the update immediately.
Active hardware threats
The first vulnerability, identified as CVE-2025-21479, stems from improper permission handling in the graphics processor (GPU). This flaw could allow unauthorized command execution and memory corruption, potentially enabling partial device takeover. The second, CVE-2025-27038, exploits a use-after-free error in Adreno graphics drivers. During image rendering, this flaw could also corrupt system memory, giving attackers a backdoor to sensitive data.
Qualcomm initially reported these vulnerabilities in June 2025. Google now confirms that they were actively targeted in attacks before being patched, warranting their inclusion in the list of exploited vulnerabilities by the CISA (U.S. Cybersecurity Agency).
Extended fixes and critical procedures
The 2025-08-05 patch, rated at the highest security level, also includes:
Two privilege escalation vulnerabilities in the Android Framework,
A critical system component bug allowing remote code execution (risk of full device takeover),
Fixes for both Arm and Qualcomm architectures.
How to protect yourself immediately ?
Users should manually check for the update via Settings – Security – Security Update.
Two patch versions are available (2025-08-01 and 2025-08-05), with the latter being essential for full protection.
Owners of recent Android devices are urged not to delay this update, as attacks are already documented.
