Google has released a record-breaking security bulletin for Android this month: 129 vulnerabilities patched, surpassing the 120 flaws fixed last September. Among these patches is a zero-day vulnerability already exploited in targeted attacks.
Vulnerability CVE-2026-21385 affects the graphics driver of Qualcomm processors with a severity score of 7.8/10. It allows an attacker to trigger memory corruption through an integer overflow. In practice, the graphics component receives and attempts to process more data than its maximum capacity, creating a flaw in memory management that an attacker can exploit to access sensitive data or escalate privileges.
This is not an isolated case. Google also patched two other zero-days last December, confirming that targeted attacks against Android are on the rise. This accumulation highlights the scale of security challenges facing an OS that powers 71% of the world's smartphones.
Google discovered this vulnerability on December 18, 2025, but Qualcomm and its partners were not notified until February 2, 2026. This two-and-a-half-month gap between discovery and partner notification creates an exploitation window for attackers.
Furthermore, Samsung, Xiaomi, and other manufacturers typically take between one and four weeks to adapt patches to their custom interfaces before rolling them out. During this period, an actively exploited zero-day remains unpatched on millions of devices in production.
Add to this older devices that will never receive updates, and the conclusion is clear: system patches alone are no longer enough to protect a mobile fleet.
Regular updates remain essential and should be a priority. If an update is available for your device, install it immediately. If not, CISA (the U.S. cybersecurity agency) goes as far as recommending that users completely stop using affected smartphones until the patch is applied, given the severity of the risk.
However, with zero-days being exploited before patches are even available, and given manufacturer deployment delays, organizations cannot afford to wait nor to ground their entire mobile fleet.
This is why securing mobile fleets with a dedicated mobile protection solution has become essential. Pradeo's Mobile Threat Defense solution detects and neutralizes exploitation attempts in real time, across all attack vectors (operating system, applications, network), without depending on the availability of a Google patch, a manufacturer's adaptation, or the user installing an update. It also protects older devices that will never receive a patch.
Faced with hundreds of vulnerabilities every month, organizations must adopt an advanced mobile protection strategy with continuous active threat detection.