高通修复了数十款芯片中的多个安全漏洞,包括三个零日漏洞。这些漏洞可能已被用于网络攻击活动。谷歌的威胁分析团队报告了这些漏洞,由于安卓系统的开放性,补丁需由设备制造商部署,部分设备仍可能面临风险。 2025-6-3 19:32:4 Author: techcrunch.com(查看原文) 阅读量:20 收藏
Chipmaker giant Qualcomm released patches on Monday fixing a series of vulnerabilities in dozens of chips, including three zero-days that the company said may be in use as part of hacking campaigns.
Qualcomm cited Google’s Threat Analysis Group, or TAG, which investigates government-backed cyberattacks, saying the three flaws “may be under limited, targeted exploitation.”
According to the company’s bulletin, Google’s Android security team reported the three zero-days (CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038) to Qualcomm in February. Zero-days are security vulnerabilities that are not known to the software or hardware maker at the time of their discovery, making them extremely valuable for cybercriminals and government hackers.
Because of Android’s open source and distributed nature, it’s now up to device manufacturers to apply the patches provided by Qualcomm, which means some devices may still be vulnerable for several more weeks, despite the fact that there are patches available.
Contact Us
Do you have more information about these Qualcomm zero-days? Or other zero-day exploits or zero-day makers? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.
Qualcomm said in the bulletin that the patches “have been made available to [device makers] in May together with a strong recommendation to deploy the update on affected devices as soon as possible.”
Google spokesperson Ed Fernandez told TechCrunch that the company’s Pixel devices are not affected by these Qualcomm vulnerabilities.
When reached by TechCrunch, a spokesperson for Google’s TAG did not immediately provide more information about these vulnerabilities, and the circumstances in which TAG found them.
Qualcomm did not respond to a request for comment.
Chipsets found in mobile devices are frequent targets for hackers and zero-day exploit developers because chips generally have wide access to the rest of the operating system, which means hackers can jump from there to other parts of the device that may hold sensitive data.
In the last few months, there have been documented cases of exploitation against Qualcomm chipsets. Last year, Amnesty International identified a Qualcomm zero-day that was being used by Serbian authorities, likely by using phone unlocking tool maker Cellebrite.
Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy. You can contact Lorenzo securely on Signal at +1 917 257 1382, on Keybase/Telegram @lorenzofb, or via email at [email protected].
如有侵权请联系:admin#unsafe.sh