Latest Cyber Security News

You are here: Home / General Cyber Security News / Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack
September 3, 2025

Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that it said have been exploited in targeted attacks.

The vulnerabilities are listed below –

  • CVE-2025-38352 (CVSS score: 7.4) – A privilege escalation flaw in the Linux Kernel component
  • CVE-2025-48543 (CVSS score: N/A) – A privilege escalation flaw in the Android Runtime component

Google said both vulnerabilities could lead to local escalation of privilege with no additional execution privileges needed. It also noted that no user interaction is required for exploitation.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


CIS Build Kits

The tech giant did not reveal how the issues have been weaponized in real-world attacks, but acknowledged there are indications of “limited, targeted exploitation.”

Also patched by Google are several remote code execution, privilege escalation, information disclosure, and denial-of-service vulnerabilities impacting Framework and System components.

Google has released two security patch levels, 2025-09-01 and 2025-09-05, so as to give flexibility to Android partners to address a portion of vulnerabilities that are similar across all Android devices more quickly.

“Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level,” Google said.

Last month, the tech giant Google released security updates to resolve two Qualcomm vulnerabilities — CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5) — that were flagged by the chipmaker as actively exploited in the wild.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *