Android gets patches for Qualcomm zero-day exploited in attacks

Bleeping Computer
by Sergiu Gatlan
March 3, 2026
AI-Generated Deep Dive Summary
Google has released security updates for Android to address 129 vulnerabilities, including a critical zero-day flaw in a Qualcomm display component. The vulnerability, CVE-2026-21385, was identified as actively exploited and poses significant risks. It involves an integer overflow in the Graphics subcomponent, allowing local attackers to cause memory corruption, leading to potential remote code execution or privilege escalation. The issue was first reported to Qualcomm on December 18, with the company issuing a security advisory on February 2. The flaw affects 235 Qualcomm chipsets, impacting numerous devices globally.

Google addressed this and other critical vulnerabilities in its March 2026 Android Security Bulletin, categorizing them as high severity due to their potential for exploitation without user interaction. The updates include two patch sets: the 2026-03-01 and 2026-03-05 levels. The latter includes additional fixes for closed-source components, though not all devices may receive these updates immediately. Google Pixel devices get updates swiftly, while other manufacturers often delay implementation due to testing and compatibility requirements.

This situation underscores the ongoing challenge of patching vulnerabilities in third-party hardware components like Qualcomm chipsets. The targeted exploitation of such flaws highlights the need for users and developers to prioritize timely updates to mitigate risks. Security experts recommend monitoring official channels for patches and avoiding untrusted software that could exploit these vulnerabilities.

The broader context of this update reflects a growing trend of sophisticated cyber threats, with attackers increasingly targeting hardware-level flaws. Such exploits pose significant risks, as they can enable persistent attacks on devices without requiring user interaction. For users concerned about security, staying informed and keeping their devices updated remain critical.
Originally published on Bleeping Computer on 3/3/2026