Zero-day in Android mobile chips under active attack

A zero-day vulnerability in the Qualcomm chipsets used by many Android mobile devices is being actively exploited in the wild, according to Google, and device users should apply the relevant updates as soon as possible.

Tracked as CVE-2026-21385, the flaw is a memory corruption vulnerability that arises from an integer overflow or wraparound condition in the graphics component. Left unaddressed, it enables a threat actor to bypass security controls and take over the targeted device.

It affects well over 200 chipsets in widespread use, according to Qualcomm, which said it was first reported in December 2025 by the Google Android Security Team, and that it notified its own customers on 2 February 2026, with fixes rolling out as far back as January.

In its March Security Bulletin, which additionally addresses over 100 other flaws in Android and related components, Google said “there are indications that CVE-2026-21385 may be under limited, targeted exploitation”.

Google’s choice of wording suggests that CVE-2026-21385 is being used by a state-linked surveillance operation as, historically, this has been the case with a great many zero-days that ultimately endanger smartphone devices.

However, Google has made no firm statement on this point, nor has it provided any information on the details of the attacks, or their victims, so far.

In its bulletin, Google additionally flagged CVE-2026-0047, a critical elevation of privilege (EoP) flaw, and CVE-2026-0006, a remote code execution (RCE) flaw, as warranting close attention from defenders.

Adam Boynton, senior enterprise strategy manager at Jamf, a specialist in Android and iOS security, said the Qualcomm zero-day will be of particular concern to security teams because, although it has been patched by Google, it is OEMs and mobile carriers who really control when the patch trickles down and reaches the actual devices in people’s pockets.

“In enterprise environments, that gap can stretch from days to months – and during that window, the vulnerability is public and the device is exposed,” he explained.

“Mobile is no longer a secondary attack surface, and organisations that treat it as such, by delaying updates, will be the ones that end up in incident reports.”

As of Tuesday 3 March, CVE-2026-21385 has also now been added to the Cybersecurity and Infrastructure Security Agency’s (Cisa’s) Known Exploited Vulnerabilities (Kev) catalogue. This obliges all agencies of the Federal Civilian Executive Branch (FCEB) in the US to apply the Android patches by 24 March, and is a further signal of the potential scope, and damage, of the vulnerability to the wider enterprise community.

Apple not overlooked

Meanwhile, on 3 March, Google’s in-house Threat Intelligence Group (GTIG) released details of a powerful exploit kit targeting Apple iPhone models running versions 13.0 through 17.2.01 of iOS.

The so-called Coruna kit is said to contain a set of five complete iOS exploit chains comprising 23 exploits in total – the most advanced of which use exploitation techniques and mitigation bypasses that are not yet public.

GTIG said it had tracked its use by a customer of an unnamed commercial spyware supplier, in a series of watering hole attacks targeting Ukrainian users, linked to Russian intelligence, and in a broad-scale campaign carried out by a financially motivated cyber criminal operator hailing from China – tracked as UNC6353.

“How this proliferation occurred is unclear, but suggests an active market for second-hand zero-day exploits,” the GTIG team said in their write-up.

“Beyond these known exploits, multiple threat actors have now acquired advanced exploitation techniques that can be reused and modified with newly identified vulnerabilities.”

GTIG noted that Coruna is ineffective against devices running the latest version of iOS and encouraged all users to update their devices – or enable Lockdown Mode if this is not yet possible.