Android gets patches for Qualcomm zero-day exploited in attacks

Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm display component.

“There are indications that CVE-2026-21385 may be under limited, targeted exploitation,” the company said on Monday in its March 2025 Android Security Bulletin.

While Google didn’t provide any further information on the attacks currently targeting this vulnerability, Qualcomm revealed in a separate security advisory issued on February 3 that the flaw is an integer overflow or wraparound in the Graphics subcomponent that local attackers can exploit to trigger memory corruption.

Qualcomm says it was alerted to this high-severity vulnerability on December 18, and it notified customers on February 2. According to its February advisory, which has yet to flag CVE-2026-21385 as exploited in attacks, the security flaw affects 235 Qualcomm chipsets.

With this month’s Android security updates, Google fixed 10 critical security vulnerabilities in the System, Framework, and Kernel components that attackers exploit to gain remote code execution, elevate privileges, or trigger denial-of-service conditions.

“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation,” Google said.

Google issued two sets of patches: the 2026-03-01 and 2026-03-05 security patch levels. The latter bundles all fixes from the first batch, as well as patches for closed-source third-party and kernel subcomponents, which may not apply to all Android devices.

While Google Pixel devices receive security updates immediately, other vendors often take longer to test and tweak them for specific hardware configurations.
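
Because vendor rollouts lag, a fleet owner usually needs to know which devices report which of the two patch levels described above. The following is an added example, not code from Google, Qualcomm or the article: it sorts a constructed inventory export by the patch-level string that Android devices report in the `ro.build.version.security_patch` property. The CSV layout, column names and serials are assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Patch levels named in the bulletin, as reported in the article.
BASE_LEVEL = date(2026, 3, 1)  # first batch of fixes
FULL_LEVEL = date(2026, 3, 5)  # first batch plus closed-source third-party and kernel fixes

# Constructed sample inventory (hypothetical MDM export, not real devices).
SAMPLE_INVENTORY = """serial,model,security_patch
A1,Pixel 9,2026-03-05
B2,Vendor X,2026-03-01
C3,Vendor Y,2026-02-05
D4,Vendor Z,2025-12-01
E5,Vendor Q,unknown
F6,Vendor R,2026-04-01
"""


def classify(patch_level: str) -> str:
    """Map a security patch level string (YYYY-MM-DD) to a triage bucket."""
    try:
        level = date.fromisoformat(patch_level.strip())
    except ValueError:
        # Missing or malformed values must be chased up, not assumed patched.
        return "unknown"
    if level >= FULL_LEVEL:
        return "full"      # carries both sets of fixes
    if level >= BASE_LEVEL:
        return "partial"   # first set only; third-party and kernel fixes absent
    return "missing"       # predates this month's updates


def triage(csv_text: str) -> dict:
    """Group device serials from the inventory by triage bucket."""
    buckets = {"full": [], "partial": [], "missing": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        buckets[classify(row.get("security_patch") or "")].append(row["serial"])
    return buckets


if __name__ == "__main__":
    for bucket, serials in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:8} {', '.join(serials) or '-'}")
```

Devices in the `partial` bucket are the ones to watch: they report a March patch level but lack the closed-source third-party and kernel component patches that only the later level bundles.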

Google and Qualcomm spokespersons were not immediately available for comment when contacted by BleepingComputer earlier today regarding the CVE-2026-21385 attacks and their targets.

Google released patches for two other high-severity zero-day vulnerabilities (CVE-2025-48633 and CVE-2025-48572) in December, both of which were also tagged as “under limited, targeted exploitation.”
