Ethical Hacking News
Google has released its September 2025 security update for Android devices, which addresses two actively exploited flaws and four other critical-severity vulnerabilities. The update aims to protect Android users from potential crashes, denial of service, and privilege escalation due to a Linux kernel flaw and an elevation of privilege issue in the Android Runtime component.
Google has released its September 2025 security update for Android devices, addressing 84 vulnerabilities, including two zero-day attacks. The update fixes two actively exploited flaws: CVE-2025-38352 (elevation of privilege) and CVE-2025-48543 (elevation of privilege in the Android Runtime component). Four additional critical-severity problems are also addressed, including remote code execution vulnerabilities. The total number of fixed flaws is 111, with 27 specifically relevant to MediaTek-powered devices.
Google has recently released its September 2025 security update for Android devices, a move that aims to address two actively exploited flaws detected in the operating system. The update, which covers vulnerabilities impacting Android 13 through 16, addresses a total of 84 vulnerabilities, including the two zero-day attacks mentioned earlier.
The first flaw is CVE-2025-38352, an elevation of privilege issue discovered on July 22, 2025, fixed in kernel versions 6.12.35-1 and later. This Linux kernel flaw has been attributed to a race condition in POSIX CPU timers, which can potentially lead to crashes, denial of service, and privilege escalation.
The second flaw is CVE-2025-48543, an elevation of privilege issue impacting the Android Runtime component, where Java/Kotlin apps and system services execute. This vulnerability could allow malicious apps to bypass sandbox restrictions and access higher-level system capabilities.
Apart from these two actively exploited flaws, the September 2025 update for Android also addresses four critical-severity problems. The first one is CVE-2025-48539, a remote code execution (RCE) problem in Android's System component. This vulnerability allows attackers to execute arbitrary code on the device without any user interaction or privileges.
The other three critical flaws are CVE-2025-21450, CVE-2025-21483, and CVE-2025-27034, all of which impact Qualcomm's proprietary components. The first one, CVE-2025-21450, is a memory corruption flaw in the data network stack that can occur when reassembling video (NALUs) from RTP packets. Attackers can send specially crafted network traffic that triggers out-of-bounds writes, allowing remote code execution without user interaction.
CVE-2025-27034 is an array index validation bug in the multi-mode call processor during PLMN selection from the SOR failed list. Malicious or malformed network responses can corrupt memory and enable code execution in the modem baseband.
The total number of fixed flaws in this Android patch release is 111, with 27 of those fixes specifically relevant to MediaTek-powered devices. The recommended action for device users is to upgrade to security patch level 2025-09-01 or 2025-09-05 by navigating Settings > System > Software updates > System update > and clicking 'Check for update.'
For users running Android 12 and earlier, the recommended course of action is to replace their device with a newer model that is actively supported or use a third-party Android distribution that incorporates the latest security updates. Samsung has also released its September maintenance update for its flagship devices, addressing flaws specific to its custom components, such as One UI.
The release of this security update comes in light of recent trends showing an increase in password cracking and compromised environments, with 46% of environments having passwords cracked, nearly doubling from 25% last year. As such, it is crucial for device users to prioritize their security by keeping their devices up-to-date and employing robust security measures.
In conclusion, the September 2025 update for Android devices is a significant step in addressing actively exploited flaws that can potentially compromise user data and system stability. It is imperative for all users to take proactive steps to ensure their devices are secure by installing the latest patches as soon as possible.
Related Information:
https://www.ethicalhackingnews.com/articles/Google-Activates-Emergency-Mode-to-Address-Actively-Exploited-Android-Flaws-ehn.shtml
https://www.bleepingcomputer.com/news/security/google-fixes-actively-exploited-android-flaws-in-september-update/
https://thehackernews.com/2025/09/android-security-alert-google-patches.html
Published: Wed Sep 3 09:48:17 2025 by llama3.2 3B Q4_K_M
