Mobile & Wireless Android Update Patches Exploited Qualcomm Zero-Day An integer overflow or wraparound in the Qualcomm graphics component, the bug leads to memory corruption. By Ionut Arghire | March 3, 2026 (7:41 AM ET) Flipboard Reddit Whatsapp Whatsapp Email Google on Monday announced the rollout of new Android security updates containing patches for nearly 130 vulnerabilities, including an exploited zero-day. The exploited flaw, tracked as CVE-2026-21385 (CVSS score of 7.8) and impacting the graphics component of over 200 Qualcomm chipsets, is described as an integer overflow or wraparound issue leading to memory corruption while using alignments for memory allocation. According to Jamf senior enterprise strategy manager Adam Boynton, the successful exploitation of the weakness could allow attackers to “bypass security controls and gain unauthorised control over the system”. According to Qualcomm’s advisory , the bug was reported on December 18, 2025, through the Google Android Security team. The chip maker notified its customers of CVE-2026-21385 on February 2 and disclosed the security defect on Monday. “There are indications that CVE-2026-21385 may be under limited, targeted exploitation,” Google notes in Android’s March 2026 security bulletin . The company has not shared details on the observed attacks, but these types of vulnerabilities are often exploited by commercial spyware vendors. Advertisement. Scroll to continue reading. Fixes for the bug were included in the second part of this month’s Android updates, which arrive on devices as the 2026-03-05 security patch level . This patch level resolves over 60 vulnerabilities in kernel, Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm components. The first part of the updates, rolling out as the 2026-03-01 security patch level , contains fixes for over 50 vulnerabilities in the Framework and System components, including critical flaws leading to remote code execution (RCE) and denial-of-service (DoS). “The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation,” Google notes. Devices running a security level of 2026-03-05 or higher contain patches for all these vulnerabilities. On Monday, Google also announced the release of fixes for two Wear OS vulnerabilities, impacting the platform’s Framework and System components. The fresh Wear OS update also includes patches for all the security defects described in Android’s March 2026 security bulletin. Google says there are no platform-specific patches in this month’s Android Automotive OS and Android XR updates. Related: Android 17 Beta Strengthens Secure-by-Default Design for Privacy and App Security Related: Critical Dolby Vulnerability Patched in Android Related: Zyxel Patches Critical Vulnerability in Many Device Models Related: Trend Micro Patches Critical Apex One Vulnerabilities Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire North Korean APT Targets Air-Gapped Systems in Recent Campaign Google Working Towards Quantum-Safe Chrome HTTPS Certificates Hackers Weaponize Claude Code in Mexican Government Cyberattack Canadian Tire Data Breach Impacts 38 Million Accounts 38 Million Allegedly Impacted by ManoMano Data Breach 900 Sangoma FreePBX Instances Infected With Web Shells Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience Gambit Security Emerges From Stealth With $61 Million in Funding Latest News Iran Cyber Front: Hacktivist Activity Rises, but State-Sponsored Attacks Stay Low Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise Researchers Uncover Method to Track Cars via Tire Sensors Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant OpenClaw Vulnerability Allowed Websites to Hijack AI Agents Madison Square Garden Data Breach Confirmed Months After Hacker Attack Nick Andersen Appointed Acting Director of CISA AWS Expands Security Hub Into a Cross-Domain Security Platform Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Identity Under Attack: Why Every Business Must Respond Now February 11, 2026 Attendees will walk away with guidance for how to build robust identity defenses, unify them under a consistent security model, and ensure business operations move quickly without compromise. Register Virtual Event: Ransomware Resilience & Recovery 2026 Summit February 25, 2026 SecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats. Submit People on the Move Nick Andersen has been appointed Acting Director of CISA after the departure of Madhu Gottumukkala. Predictive revenue system company Clari + Salesloft has named Peter Liebert as CISO. Nscale has appointed Latha Maripuri as Chief Information Security Officer. More People On The Move Expert Insights Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Security in the Dark: Recognizing the Signs of Hidden Information Security failures don’t always start with attackers, sometimes they start with missing truth. (Joshua Goldfarb) Living off the AI: The Next Evolution of Attacker Tradecraft Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP. (Etay Maor) Why We Can’t Let AI Take the Wheel of Cyber Defense The fastest way to squander the promise of AI is to mistake automation for assurance, and novelty for resilience. (Steve Durbin) Flipboard Reddit Whatsapp Whatsapp Email