{"id":673445,"date":"2025-06-04T14:35:13","date_gmt":"2025-06-04T11:35:13","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/phone-chipmaker-qualcomm-fixes-three-zero-days-exploited-by-hackers\/"},"modified":"2025-06-04T14:35:13","modified_gmt":"2025-06-04T11:35:13","slug":"phone-chipmaker-qualcomm-fixes-three-zero-days-exploited-by-hackers","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/phone-chipmaker-qualcomm-fixes-three-zero-days-exploited-by-hackers\/","title":{"rendered":"Phone chipmaker Qualcomm fixes three zero-days exploited by hackers"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2ddd0445aa9\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2ddd0445aa9\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/phone-chipmaker-qualcomm-fixes-three-zero-days-exploited-by-hackers\/#Contact_Us\" >Contact Us<\/a><\/li><\/ul><\/nav><\/div>\n<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">Chipmaker giant Qualcomm <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/docs.qualcomm.com\/product\/publicresources\/securitybulletin\/june-2025-bulletin.html\">released patches<\/a> on Monday fixing a <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/watch-movies-tv-seriess\/\" data-internallinksmanager029f6b8e52c=\"8\" title=\"Watch Movies &amp; TV Series\" target=\"_blank\" rel=\"noopener\">series<\/a> of vulnerabilities in dozens of chips, including three zero-days that the company said may be in use as part of hacking campaigns.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Qualcomm cited Google\u2019s Threat Analysis Group, or TAG, which investigates government-backed cyberattacks, saying the three flaws \u201cmay be under limited, targeted exploitation.\u201d\u00a0<\/p>\n<p class=\"wp-block-paragraph\">According to the company\u2019s bulletin, Google\u2019s Android security team reported the three zero-days (CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038) to Qualcomm in February. Zero-days are security vulnerabilities that are not known to the software or hardware maker at the time of their discovery, making them extremely valuable for cybercriminals and government hackers.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Because of Android\u2019s open source and distributed nature, it\u2019s now up to device manufacturers to <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ly the patches provided by Qualcomm, which means some devices may still be vulnerable for several more weeks, despite the fact that there are patches available.\u00a0<\/p>\n<div class=\"article-block block--callout block--right has-green-500-background-color\">\n<h4 class=\"block--callout__title\"><span class=\"ez-toc-section\" id=\"Contact_Us\"><\/span>Contact Us<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>\t\t\tDo you have more information about these Qualcomm zero-days? Or other zero-day exploits or zero-day makers? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.\t\t<\/p><\/div>\n<p class=\"wp-block-paragraph\">Qualcomm said in the bulletin that the patches \u201chave been made available to [device makers] in May together with a strong recommendation to deploy the update on affected devices as soon as possible.\u201d<\/p>\n<p class=\"wp-block-paragraph\">Google spokesperson Ed Fernandez told TechCrunch that the company\u2019s Pixel devices are not affected by these Qualcomm vulnerabilities.<\/p>\n<p class=\"wp-block-paragraph\">Kimberly Samra, a spokesperson for Google\u2019s TAG did not im<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">media<\/a>tely provide more information about these vulnerabilities, and the circumstances in which TAG found them.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Qualcomm acknowledged the fixes. \u201cWe encourage end users to apply security updates as they become available from device makers,\u201d said company spokesperson Dave Schefcik.<\/p>\n<p class=\"wp-block-paragraph\">Chipsets found in mobile devices are frequent targets for hackers and zero-day exploit developers because chips <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/general\/\" data-internallinksmanager029f6b8e52c=\"3\" title=\"General\" target=\"_blank\" rel=\"noopener\">general<\/a>ly have wide access to the rest of the operating system, which means hackers can jump from there to other parts of the device that may hold sensitive data.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">In the last few months, there have been documented cases of exploitation against Qualcomm chipsets. Last year, Amnesty International identified a Qualcomm zero-day that was being used by Serbian authorities, likely by using phone unlocking tool maker Cellebrite.<\/p>\n<p class=\"wp-block-paragraph\"><em>Updated to include Qualcomm\u2019s spokesperson comment.<\/em><\/p>\n<\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMN63nwsw68G3Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/category\/technology\/\" target=\"_blank\" >Technology<\/a><\/span> category.<\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/techcrunch.com\/2025\/06\/03\/phone-chipmaker-qualcomm-fixes-three-zero-days-exploited-by-hackers\/\" target=\"_blank\" >Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Chipmaker giant Qualcomm released patches on Monday fixing a series of vulnerabilities in dozens of chips, including three zero-days that the company said may be in use as part of hacking campaigns.\u00a0 Qualcomm cited Google\u2019s Threat Analysis Group, or TAG, which investigates government-backed cyberattacks, saying the three flaws \u201cmay be under limited, targeted exploitation.\u201d\u00a0 According&#8230;<\/p>\n","protected":false},"author":1,"featured_media":673446,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2022\/03\/GettyImages-1126324973-samsung.jpg?resize=1200,800","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[39382,26293,156871,119490,72287,155987],"class_list":["post-673445","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-android","tag-google","tag-google-threat-analysis-group","tag-qualcomm","tag-security","tag-zero-days"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/673445","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=673445"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/673445\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/673446"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=673445"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=673445"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=673445"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}