
High-severity Qualcomm bug hits Android devices in targeted attacks

Google has patched 129 vulnerabilities in Android in its March 2026 Android Security Bulletin, including a Qualcomm display flaw that is known to be actively exploited.

You can check your device’s Android version, security update level, and Google Play system update in Settings. You should get a notification when updates are available, but you can also check for them yourself.

On most phones, go to Settings > About phone (or About device), then tap Software updates to see if anything new is available. The exact steps may vary slightly depending on the brand and Android version you’re on.

If your Android phone shows a patch level of 2026-03-05 or later, these issues are fixed.

Keeping your device up to date protects you from known vulnerabilities and helps you stay safe. We know that because of patch gaps and end-of-support cycles, some users may not receive these updates. That’s why additional protection for your Android device is important.

Technical details

The Android zero-day, tracked as CVE-2026-21385, is a high‑severity bug in a Qualcomm graphics/display component that attackers are already exploiting in limited, targeted attacks.

The vulnerability lives in an open‑source Qualcomm graphics/display component used by a large number of Android chipsets; Qualcomm lists well over 230 affected chipset models. Based on recently published Android and chipset market‑share percentages, it is reasonable to assume the issue affects hundreds of millions of devices worldwide, even if the exact number is hard to pin down.

On most Android phones, you can view the processor model in Settings > About phone (or About device) > Detailed info and specs, and look for entries such as “Processor,” “Chipset,” or “SoC.” Names like “Snapdragon 8 Gen 2,” “Snapdragon 778G,” or “Qualcomm SM8xxx/SM7xxx” indicate a Qualcomm chipset and that the device may be in the affected family.
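The two checks described above (security patch level and chipset family) can also be scripted over adb for devices you manage. This is an added example, not code from Google, Qualcomm or the article; the function names are hypothetical, the sample dumps are constructed, and it assumes Qualcomm builds report `QTI`/`Qualcomm` in `ro.soc.manufacturer` or an `SM`-prefixed `ro.soc.model`.

```shell
#!/bin/sh
# Added example: triage one device from `adb shell getprop` text.
FULL=20260305   # patch level 2026-03-05: all March 2026 fixes (per the article)
BASE=20260301   # patch level 2026-03-01: first of the bulletin's two levels

# prop DUMP NAME -> value from getprop's "[name]: [value]" line format
prop() {
    printf '%s\n' "$1" | tr -d '\r' | awk -v k="[$2]: [" '
        index($0, k) == 1 { v = substr($0, length(k) + 1)
                            sub(/\]$/, "", v); print v; exit }'
}

# patch_status DUMP -> fixed | partial | outdated | unknown
patch_status() {
    level=$(prop "$1" ro.build.version.security_patch)
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;          # missing or malformed value
    esac
    n=$(printf '%s' "$level" | tr -d '-')     # ISO date -> comparable integer
    if   [ "$n" -ge "$FULL" ]; then echo fixed
    elif [ "$n" -ge "$BASE" ]; then echo partial   # first level only
    else echo outdated
    fi
}

# soc_family DUMP -> qualcomm | other
# Assumption: Qualcomm builds report "QTI"/"Qualcomm" as manufacturer or an
# SM-prefixed model (the SM8xxx/SM7xxx names the article mentions).
soc_family() {
    maker=$(prop "$1" ro.soc.manufacturer)
    model=$(prop "$1" ro.soc.model)
    case "$maker" in QTI|qti|Qualcomm*|QUALCOMM*) echo qualcomm; return 0 ;; esac
    case "$model" in SM[0-9]*) echo qualcomm ;; *) echo other ;; esac
}

triage() { echo "$(patch_status "$1") $(soc_family "$1")"; }

# Constructed sample dumps (not captured from real devices).
SAMPLE_A='[ro.build.version.security_patch]: [2026-02-05]
[ro.soc.manufacturer]: [QTI]
[ro.soc.model]: [SM8550]'
SAMPLE_B='[ro.build.version.security_patch]: [2026-03-01]
[ro.soc.model]: [SM7325]'
SAMPLE_C='[ro.build.version.security_patch]: [2026-03-05]
[ro.soc.manufacturer]: [Google]'

for d in "$SAMPLE_A" "$SAMPLE_B" "$SAMPLE_C"; do triage "$d"; done
```

On a connected device, run `triage "$(adb shell getprop)"`. A `partial` result means only the 2026-03-01 level is present, so the device still needs the 2026-03-05 level.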

Google says there are signs that CVE‑2026‑21385 is already being used in “limited, targeted exploitation,” which usually means a small number of high‑value targets rather than broad, drive‑by attacks on the general public. Current descriptions point to a memory corruption scenario in the graphics component. The official description says:

“Memory corruption while using alignments for memory allocation.”

This means that if an attacker can get a malicious app or local code onto the device, they can feed specially crafted data into the graphics component’s driver and corrupt memory in a controlled way. In practice, a bug like this is a good candidate for turning a normal app’s limited access into something much more powerful, like using it as a building block in a chain of exploits to escalate privileges or to escape a sandbox.

As you can see, the attacker needs some kind of local foothold first, such as getting you to install a malicious app, exploiting another vulnerability, or abusing a compromised app already on the device. 

How to stay safe

From the available information, attackers would need to trick a user into installing a malicious app that could then compromise the device. That’s why it’s a good idea to follow these safety precautions:

  • Only install apps from official app stores whenever possible and avoid installing apps promoted in links in SMS, email, or messaging apps.
  • Before installing finance‑related or retailer apps, verify the developer’s name, number of downloads, and user reviews rather than trusting a single promotional link.
  • Protect your devices. Use an up-to-date, real-time anti-malware solution like Malwarebytes for Android.
  • Scrutinize permissions. Does an app really need the permissions it’s requesting to do the job you want it to do? Especially if it asks for accessibility, SMS, or camera access.
  • Keep Android, Google Play services, and all other important apps up to date so you get the latest security fixes.


Android devices hit by exploited Qualcomm flaw CVE-2026-21385

Google confirms that the Qualcomm Android vulnerability CVE-2026-21385 was exploited in real-world attacks.

Google has confirmed that CVE-2026-21385 (CVSS score of 7.8), a high-severity vulnerability affecting an open-source Qualcomm component used in Android devices, has been actively exploited.

“There are indications that CVE-2026-21385 may be under limited, targeted exploitation,” reads Google’s advisory.

The flaw is a buffer over-read in the Graphics component that could allow attackers to access sensitive memory data, underscoring ongoing risks to Android users.

The company did not disclose technical details about the attacks exploiting this vulnerability.

“Integer Overflow or Wraparound in Graphics,” reads the Qualcomm advisory. “Memory corruption while using alignments for memory allocation.”

Qualcomm received a report about CVE-2026-21385 from Google’s Android Security team on December 18, 2025, and notified customers on February 2, 2026. Google says it sees signs of limited, targeted exploitation, though it has not shared technical details. The March 2026 Android update fixes 129 vulnerabilities, including the critical CVE-2026-0006, which allows remote code execution without user interaction or additional privileges.

Android Security Bulletin March 2026 addressed the following critical flaws:

Framework
CVE-2026-0047 (CVSS score of 8.8) – Critical Framework Elevation of Privilege, local privilege escalation without extra privileges; no user interaction needed.

System
CVE-2026-0006 (CVSS score of 9.8) – Critical System Remote Code Execution, remote code execution without privileges; no user interaction; most severe issue.
CVE-2025-48631 (CVSS score of 8.6) – Critical System Denial of Service, causes device/service denial; no extra privileges needed.

Kernel
CVE-2024-43859 (CVSS score of 8.8) – Critical Kernel Elevation of Privilege in Flash-Friendly File System, local file system privilege escalation.
CVE-2026-0037 (CVSS score of 9.0) – Critical protected Kernel-based Virtual Machine Elevation of Privilege, breaks virtual machine isolation with System privileges.
CVE-2026-0038 (CVSS score of 9.0) – Critical Hypervisor Elevation of Privilege, potential virtual machine escape to host control.
CVE-2026-0027 (CVSS score of 9.0) – Critical protected Kernel-based Virtual Machine Elevation of Privilege, kernel virtualization privilege escalation.
CVE-2026-0028 (CVSS score of 9.0) – Critical protected Kernel-based Virtual Machine Elevation of Privilege, local attacker escalates in protected virtual machines.
CVE-2026-0030 (CVSS score of 9.0) – Critical protected Kernel-based Virtual Machine Elevation of Privilege, high-impact virtualization isolation bypass.
CVE-2026-0031 (CVSS score of 9.0) – Critical protected Kernel-based Virtual Machine Elevation of Privilege, escalates privileges across virtual machine boundaries.

Google’s Android security bulletin introduces two patch levels, 2026-03-01 and 2026-03-05, to help device makers roll out fixes more quickly across different models. The later patch level adds updates for


Pierluigi Paganini

(SecurityAffairs – hacking, Google)
