

Ethical Hacking News

Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack



Google has patched 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that have been exploited in targeted attacks. The vulnerabilities affect various components of the Android framework, and the tech giant is urging developers to address all the issues as soon as possible.


  • Google has released security updates for Android addressing 120 security flaws.
  • Two specific vulnerabilities, CVE-2025-38352 and CVE-2025-48543, were identified as actively exploited in real-world attacks.
  • The Linux Kernel component of Android was vulnerable to privilege escalation flaws.
  • The Android Runtime component was also affected by a similar privilege escalation flaw.
  • Several other security flaws were patched, including remote code execution and information disclosure vulnerabilities.


    Google has released security updates for its Android operating system, addressing a significant number of vulnerabilities, including two that have been exploited in targeted attacks. The latest patch level, which includes fixes for 120 security flaws, is part of the company's ongoing efforts to ensure the security and stability of its mobile platform.

    According to Google, two specific vulnerabilities were identified as being actively exploited in real-world attacks: CVE-2025-38352 and CVE-2025-48543. These issues are classified as privilege escalation flaws, which can allow an attacker to gain elevated privileges without requiring any additional execution privileges or user interaction.

    The first vulnerability, CVE-2025-38352, is a privilege escalation flaw in the Linux Kernel component of Android. According to Benoît Sevens of Google's Threat Analysis Group (TAG), this issue may have been abused as part of targeted spyware attacks. As Sevens discovered and reported the upstream Linux Kernel flaw, it is possible that this vulnerability was exploited by malicious actors who sought to gain unauthorized access to sensitive data.

    The second vulnerability, CVE-2025-48543, is a privilege escalation flaw in the Android Runtime component. Like its counterpart, this issue can also be used for local privilege escalation without requiring any additional execution privileges or user interaction.

    In addition to these two vulnerabilities, several other security flaws were patched by Google as part of the latest update cycle. These issues include remote code execution, information disclosure, and denial-of-service vulnerabilities affecting various Framework and System components.

    To address the numerous vulnerabilities that have been identified, Google has released two security patch levels: 2025-09-01 and 2025-09-05. The company is urging Android partners to fix all of these issues in a timely manner, using the latest security patch level to provide flexibility for addressing similar vulnerabilities across different devices.
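    For teams that need to confirm which devices carry these fixes, the sketch below is an added example, not code from Google or from this article's sources. It sorts a device inventory by the patch level each device reports (the value of the `ro.build.version.security_patch` property, readable with `adb shell getprop`) and assumes the usual Android bulletin convention that the later level includes everything in the earlier one; the serial numbers and inventory format are constructed.

```python
from datetime import date

# The two patch levels the article names for the September 2025 bulletin.
PARTIAL_LEVEL = date(2025, 9, 1)
FULL_LEVEL = date(2025, 9, 5)


def parse_level(value):
    """Return a date for a YYYY-MM-DD patch level string, or None if malformed."""
    try:
        return date.fromisoformat(value.strip())
    except ValueError:
        return None


def classify(value):
    """Map a reported patch level to a triage bucket."""
    level = parse_level(value)
    if level is None:
        return "unknown"      # property missing or unreadable: check by hand
    if level >= FULL_LEVEL:
        return "full"         # assumed to include the 2025-09-01 fixes as well
    if level >= PARTIAL_LEVEL:
        return "partial"      # first patch level only
    return "unpatched"        # predates the September 2025 bulletin


def triage(inventory):
    """Group device serials by bucket from 'serial,patch_level' lines."""
    report = {"full": [], "partial": [], "unpatched": [], "unknown": []}
    for line in inventory.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        serial, _, value = line.partition(",")
        report[classify(value)].append(serial.strip())
    return report


# Constructed sample inventory (hypothetical serials, not real devices).
SAMPLE = """\
# serial,security_patch
EXAMPLE-0001,2025-09-05
EXAMPLE-0002,2025-09-01
EXAMPLE-0003,2025-08-05
EXAMPLE-0004,
EXAMPLE-0005,2025-10-01
"""

if __name__ == "__main__":
    for status, serials in triage(SAMPLE).items():
        print(f"{status:10} {', '.join(serials) or '-'}")
```

    Devices that land in the "unknown" bucket did not report a parseable patch level and should be checked manually rather than assumed patched.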

    The inclusion of two zero-day vulnerabilities in the latest update cycle highlights the ongoing importance of keeping mobile platforms up-to-date with the latest security patches. Google also recently released updates to address two Qualcomm vulnerabilities that were identified as actively exploited in real-world attacks.

    In an effort to stay informed about emerging threats and security flaws, it is essential for developers and users alike to remain vigilant when it comes to mobile security. By staying current with the latest security patches and following established best practices, individuals can significantly reduce their risk of falling victim to malicious attacks.

    As Google continues to prioritize the security and stability of its Android platform, it is clear that this effort will be an ongoing process. With a focus on identifying and addressing emerging threats, the tech giant aims to create a safer mobile environment for users worldwide.

    In light of the recent vulnerabilities discovered in the latest update cycle, it is essential for developers and users alike to exercise extreme caution when interacting with mobile applications and services that rely on Android framework components. By taking proactive measures to ensure their devices are up-to-date with the latest security patches, individuals can significantly minimize their risk of falling victim to malicious attacks.

    Furthermore, as the threat landscape continues to evolve, it is crucial for organizations and developers to adopt a holistic approach to mobile security. This includes implementing robust security protocols, conducting regular vulnerability assessments, and fostering an environment that encourages collaboration and knowledge-sharing between teams and stakeholders.

    By working together to address emerging threats and vulnerabilities, we can create a safer, more secure digital ecosystem for all users.





  • Published: Wed Sep 3 08:29:29 2025 by llama3.2 3B Q4_K_M












