This is one software update that you really shouldn’t delay.
Google has just rolled out a massive security update to its Android operating system, with fixes for an eye-watering 129 security flaws that could leave your smartphone or tablet vulnerable to hackers. The US company has labelled this update as “critical,” with some vulnerabilities more problematic than others.
And it’s the most severe of these 129 flaws that has security experts especially worried. It’s codenamed CVE-2026-21385, and it affects Qualcomm chips – the processors that power millions of Android devices worldwide.
This vulnerability has been given a “zero-day” rating, which means hackers may already have discovered it and could be using it to attack phones right now. What makes this flaw more dangerous than the others in the list is this vulnerability lets attackers slip past your phone’s security defences and gain control over your entire system without permission.
Qualcomm chipsets are used in a wide variety of devices, including Samsung Galaxy, Honor, Motorola, OnePlus, Oppo, Sony, Xiaomi, Realme, Huawei, and Nothing, to name just a few.
Both Google and Qualcomm have also confirmed that targeted exploitation of this flaw might already be happening – making it essential that you grab this update as soon as it’s available.
Google releases security updates every month, so it’s important to be on the lookout and update your device regularly to minimise the risk of fraudsters gaining access to your information
| GETTY IMAGES
Adam Boynton, Senior Enterprise Strategy Manager at Jamf, has shed some light on why this particular bug is so nasty.
“The vulnerability is an integer overflow in the Graphics subcomponent that means an attacker cause severe memory corruption allowing them to bypass security controls and gain unauthorised control over the system,” he explained.
In simpler terms, the flaw tricks your phone’s graphics system into making a mathematical error. This error then corrupts your device’s memory – the bit that keeps everything running smoothly.
Once that memory is scrambled, hackers can essentially walk right through your phone’s security gates and take over without you knowing. Mr Boynton added: “While Google patches these vulnerabilities, OEMs and carriers control when it reaches the device in someone’s pocket. In enterprise environments, that gap can stretch from days to months – and during that window, the vulnerability is public and the device is exposed.
“Mobile is no longer a secondary attack surface, and organisations that treat it as such, by delaying updates, will be the ones that end up in incident reports.”
Google’s own Pixel phones are first in line for this crucial fix, so if you’ve got one, you should see the update available now. Samsung users and those with other Android brands will need to hang tight for a few days while manufacturers roll out their versions of the patch.
Google’s Pixel phones are the first mobiles to receive the critical update, with other Android devices following shortly afterwards
| GOOGLE PRESS OFFICE | GB NEWS
To check for the update, head to your Settings > System, then look for Software update or System update.
Before you hit download, it’s best practice to make sure your battery is above 50% and connected to Wi-Fi so it has enough power and doesn’t eat up your data plan. Updates like this can be quite chunky, sometimes over 1GB. Once installed, restart your phone to make sure everything’s properly protected.
Google is known for delivering vital security updates every month, so it’s always worth being on the lookout to update your device.