Android Faithful129 CVEs patched in a single Android security update. That's the most in a month since April 2018.
One's a Qualcomm zero-day (CVE-2026-21385) integer overflow in the display component, already being exploited in the wild, affects 230+ chipsets.
One's an RCE in Media Codecs (CVE-2026-0006) no user interaction required.
The good news: Project Mainline handled the Media Codecs patch OTA via the Play Store, no waiting for your carrier.
One's a Qualcomm zero-day (CVE-2026-21385) integer overflow in the display component, already being exploited in the wild, affects 230+ chipsets.
One's an RCE in Media Codecs (CVE-2026-0006) no user interaction required.
The good news: Project Mainline handled the Media Codecs patch OTA via the Play Store, no waiting for your carrier.
