Google's August security patches include a fix for these two Qualcomm flaws — update right now

This article covers Google's August 2025 Android security update, addressing critical vulnerabilities that have been actively exploited in targeted attacks.

Google released patches for six vulnerabilities in Android's August 2025 security update, with two critical Qualcomm flaws that were already being used in real-world attacks. Both vulnerabilities were discovered by Google's Android Security team and involve memory corruption issues in graphics processing components. The bugs were added to CISA's catalog of known exploited vulnerabilities, highlighting their severity.

• Two Qualcomm graphics vulnerabilities (CVE-2025-21479 and CVE-2025-27038) were actively exploited in targeted attacks before patches became available
• CISA mandated federal agencies update their devices by June 24th due to the critical nature of these security flaws
• Pixel devices receive immediate updates while other Android manufacturers roll out patches based on their testing schedules
• Additional system component vulnerability allows remote code execution when combined with other security flaws