Released as part of the Android Security Bulletin on September 1, 2025, the update carries a security patch level of 2025-09-05 or later and addresses multiple critical flaws—two of which have confirmed, limited, and targeted exploitation.
Google’s assessment highlights that these vulnerabilities can lead to serious compromise when platform and service mitigations are disabled or successfully bypassed by attackers.
The most urgent issue lies in the System component, where a remote code execution flaw allows arbitrary code to run without any additional privileges or user interaction.
Equally pressing are two Elevation of Privilege (EoP) bugs in Android Runtime and System, both rated as High severity.
| CVE Identifier | Internal Reference | Component | Type | Severity |
|---|---|---|---|---|
| CVE-2025-38352 | A-425282960 | Android Runtime | EoP (Elevation of Privilege) | High |
| CVE-2025-48543 | A-421834866 | System | EoP (Elevation of Privilege) | High |
CVE-2025-38352 stems from upstream kernel issues affecting Android Runtime, potentially allowing apps to elevate privileges and access protected resources.
Meanwhile, CVE-2025-48543 spans Android versions 13 through 16, underscoring the breadth of susceptible devices and the urgency of deploying patches promptly.
Google’s coordinated disclosure process ensured that Android OEM partners received full technical details at least one month before public announcement, enabling timely integration of fixes.
The Android Open Source Project (AOSP) repository will receive source-code patches within 48 hours of bulletin publication, facilitating custom ROM developers and device manufacturers in rolling out updates.
Device users can verify their security patch level under Settings > System > About Phone.
Installing the update not only patches the actively exploited vulnerabilities but also integrates additional enhancements in Google Play Protect and strengthens memory safety measures in the Android Runtime.
Technical experts recommend the following immediate actions:
This bulletin exemplifies Google’s multi-layered defensive strategy, combining rapid patch distribution, proactive monitoring, and responsible disclosure to counter sophisticated threats targeting mobile ecosystems.
With billions of Android devices in circulation, timely adoption of the latest security patch is paramount to maintaining device integrity and user privacy.
Users are strongly encouraged to upgrade to the most recent Android version available for their device model, as each release incorporates advanced mitigations that further reduce exploitation risk.
Find this Story Interesting! Follow us on Google News , LinkedIn and X to Get More Instant Updates
The post Android Security Update Patches Actively Exploited 0-Day Vulnerabilities appeared first on Cyber Security News.
Menlo Park, USA, March 10th, 2026, CyberNewswire AccuKnox, a leading Zero Trust Cloud-Native Application Protection…
OpenClaw, a self-hosted AI agent, rose to become GitHub’s most-starred repository weeks after its launch,…
Artificial intelligence leader Anthropic has filed an unprecedented lawsuit against the United States government after…
Two “Important” severity vulnerabilities have been disclosed in Apache ZooKeeper, a widely used service for…
A powerful iPhone exploit kit named “Coruna,” initially created for Western intelligence by U.S. contractor…
Estefany Maria Rodríguez Florez, a reporter for the Spanish-language news outlet Nashville Noticias, was arrested…
This website uses cookies.