Google’s August 2025 Android security update delivers urgent fixes for multiple vulnerabilities in Qualcomm GPU components, including two critical flaws that were already being exploited by attackers. The most severe issues involve a memory corruption vulnerability in the graphics framework (CVE-2025-21479) and a use-after-free bug in the Adreno GPU driver (CVE-2025-27038). Both could allow a remote attacker to execute arbitrary code without requiring any user interaction, making them particularly dangerous. These flaws could be triggered by specially crafted data processed by the GPU, allowing an attacker to gain deep system access and potentially compromise sensitive information or install malicious software.

Qualcomm confirmed that these vulnerabilities were being used in real-world attacks, prompting an immediate security advisory and patch release. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) quickly added both CVEs to its Known Exploited Vulnerabilities catalog, a move reserved for high-priority threats that require urgent attention. Google distributed the patches as part of its August security bulletin, which was split into two patch levels — August 1 and August 5 — to address both core Android and vendor-specific vulnerabilities.

Pixel devices have already received the update, while other Android devices will need to wait for manufacturers and carriers to push the patches. This staggered rollout could leave millions of devices temporarily exposed, underscoring the importance of enabling automatic updates and regularly checking for new software releases. Security experts advise that users install the August update as soon as it becomes available to prevent exploitation, especially given the confirmed evidence of active attacks. This incident serves as a reminder of the critical role timely patching plays in defending against sophisticated mobile threats.

Sources

• Tom’s Guide – Google just fixed two high-severity Qualcomm bugs used by hackers in their attacks – update your Android phone right now
  https://www.tomsguide.com/computing/online-security/googles-august-security-patches-include-a-fix-for-these-two-qualcomm-flaws-update-right-now
• TechRadar – Google urgently patches major Qualcomm security flaw hitting Android phones – here’s what we know
  https://www.techradar.com/pro/security/google-patches-major-qualcomm-security-flaw-hitting-android-phones-heres-what-we-know