Patchday Android: Attackers can gain higher rights
Important security updates close several gaps in Android 13, 14 and 15. Attackers are targeting devices with Qualcomm processors.
Attackers can use several software vulnerabilities in different Android versions to compromise devices. Qualcomm reports attacks on devices with certain processors. However, the patch status is unclear in this case.
Starting points for attackers
In a warning message, the Android developers classify a security vulnerability (CVE-2025-26443 “high”) in an unspecified system component as the most dangerous. Smartphones and tablets with Android 13, 14 and 15 are affected.
Attackers are said to be able to gain higher user rights through this vulnerability. However, according to the brief description, this only works if victims play along. It is not yet clear how such an attack could take place.
Other system vulnerabilities (such as CVE-2025-26441 “high”) can also lead to data leaks. Attackers can trigger DoS states via gaps in the framework (e.g., CVE-2025-26432 “high”).
Patch status unclear
In addition, gaps in components from third-party vendors such as Arm and Qualcomm can also serve as a gateway for attackers. Qualcomm is currently warning that attackers are exploiting two vulnerabilities (CVE-2025-21479 “high”, CVE-2025-21480 “high”). The extent of the attacks is currently unknown. The vulnerabilities affect the Adreno GPU drivers of certain processors, such as the Snapdragon 685. Various Xiaomi smartphones, such as the Redmi Note 13, are among the affected devices.
In a post, Qualcomm assures that security patches were already made available in May. The problem here is that owners of affected smartphones cannot install the updates themselves. Smartphone manufacturers have to include the Qualcomm updates in their patches, which users can then install. However, the two vulnerabilities do not appear anywhere in the official Android security notifications or in the security section of the Xiaomi website, meaning that the patch status is currently unclear.
In addition to Google, LG and Samsung also release monthly security updates for selected devices (see box).
(des)