Google has released its September 2025 Android security patches, addressing a staggering 111 unique vulnerabilities, including two actively exploited zero-day flaws that are already being used in targeted attacks. These zero-days — CVE-2025-38352, a Linux kernel race condition, and CVE-2025-48543, a flaw in the Android Runtime — allow attackers to escalate privileges and potentially take control of devices. Both issues require no special permissions or user interaction to exploit, making them especially dangerous.
The update also fixes a critical remote code execution (RCE) vulnerability in the System component (CVE-2025-48539) that attackers could abuse without elevated privileges. Combined, these vulnerabilities highlight the urgency of updating devices immediately to at least the 2025-09-05 security patch level, which contains the full set of fixes.
Beyond phones, the patch covers the broader Android ecosystem — including Pixel devices, Wear OS smartwatches, Pixel Watches, and Android Automotive OS systems. Updates also address 32 Qualcomm component vulnerabilities, three of which are critical. Google notes that the update strengthens memory safety in the Android Runtime and enhances Google Play Protect, providing additional defense against spyware and privilege escalation threats.
The bulletin also underscores the growing risks of privilege escalation in mobile applications, whether through sideloaded apps, OEM pre-installed apps, or abuse of the Accessibility API. Attackers are increasingly exploiting over-permissioned apps, droppers, and even built-in OEM utilities to gain control of devices and exfiltrate sensitive data.
For enterprises and everyday users alike, this update is essential. Security experts warn that attackers are already leveraging these zero-days in limited, targeted campaigns, likely linked to spyware operations. Organizations should push the update across managed fleets via MDM tools, while individuals should confirm that the security patch level shown in their device's system settings reads “2025-09-05” or later.
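A fleet check for the patch level named above, as an added example that is not part of the original article: it classifies each device in a constructed inventory export against 2025-09-05 and treats a missing or malformed value as unverified rather than patched. The CSV column names, device rows and function names are assumptions; `ro.build.version.security_patch` is the Android system property that holds the security patch level.

```python
import csv
import io
import subprocess
from datetime import date

REQUIRED = date(2025, 9, 5)  # patch level named in the article

# Constructed sample: a hypothetical MDM inventory export (column names are assumptions).
SAMPLE_EXPORT = """device_id,model,security_patch
dev-001,Pixel 8,2025-09-05
dev-002,Pixel 7a,2025-09-01
dev-003,Galaxy S23,2025-08-01
dev-004,Pixel Watch 2,
dev-005,Pixel 9,2025-10-05
dev-006,Unknown,Sept 2025
"""

def classify(patch_level: str) -> str:
    """Return 'ok', 'outdated' or 'unknown' for a YYYY-MM-DD patch level string."""
    try:
        level = date.fromisoformat(patch_level.strip())
    except ValueError:
        return "unknown"  # empty or malformed: unverified, never counted as patched
    return "ok" if level >= REQUIRED else "outdated"

def audit(export_text: str) -> dict:
    """Group device ids from the export by classification."""
    report = {"ok": [], "outdated": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        report[classify(row.get("security_patch") or "")].append(row["device_id"])
    return report

def patch_level_via_adb(serial: str) -> str:
    """Read the patch level from an attached device (requires adb on PATH)."""
    out = subprocess.run(
        ["adb", "-s", serial, "shell", "getprop", "ro.build.version.security_patch"],
        capture_output=True, text=True, timeout=15, check=True)
    return out.stdout.strip()

if __name__ == "__main__":
    for status, devices in audit(SAMPLE_EXPORT).items():
        print(f"{status:9s} {', '.join(devices) or '-'}")
```

Devices in the `unknown` group need a manual check, since an inventory record without a readable patch level says nothing about whether the fixes are installed.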
Failure to update leaves devices exposed to remote exploitation, spyware, and system takeover. This release is not just another monthly patch cycle — it’s a critical security moment for Android users worldwide.