Android Security Update – Patch for 0-Day Vulnerabilities Actively Exploited in Attacks

Google has released its September 2025 Android Security Bulletin in response to the discovery of actively exploited 0-day vulnerabilities. This update introduces patch level 2025-09-05, aimed at safeguarding millions of Android devices.
Patch Details
The bulletin addresses critical vulnerabilities found in both the System and Kernel components. Immediate updates are recommended to mitigate risks associated with remote code execution.
Key Takeaways
- Patch 2025-09-05 addresses CVE-2025-38352 (zero-interaction RCE) and CVE-2025-48543 (kernel EoP).
- The System vulnerability requires no user action, while the Kernel vulnerability allows root access.
- Updates are essential; AOSP source code will be available within 48 hours.
Critical System Component RCE Vulnerability
The primary fix is for CVE-2025-38352, a zero-interaction vulnerability in the Android System component that permits remote code execution without elevated privileges. Google rates it Critical, with the potential to give attackers full control of affected devices. Exploiting the flaw requires no user interaction.
Source code patches are now available in the Android Open Source Project (AOSP) repository. Google will update the bulletin with direct AOSP links within 48 hours.
High-Severity Elevation of Privilege Flaw
A separate patch addresses CVE-2025-48543, an Elevation of Privilege (EoP) vulnerability in the Android Kernel, rated High. This flaw could enable local code to obtain root-level permissions, bypassing SELinux and other kernel safeguards. Affected versions include Android 13 through 16. Partners have been informed over a month in advance to ensure OEM integration of the necessary kernel patches.
| CVE | Title | Severity |
|---|---|---|
| CVE-2025-38352 | Remote (proximal/adjacent) code execution in System component, zero-interaction | Critical |
| CVE-2025-48543 | Elevation of Privilege in Kernel, bypass SELinux to gain root | High |
Users are strongly advised to verify their devices are updated to patch level 2025-09-05. Android partners have been briefed, and AOSP source code updates will be released shortly. This update highlights Google’s commitment to proactive vulnerability management and rapid response to emerging threats. It is crucial for users and manufacturers to prioritize this update to maintain Android’s security integrity.
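One way to carry out the patch-level check advised above across several devices, as an added example that is not part of the original article or Google's bulletin: it reads the `ro.build.version.security_patch` property over adb and compares it with 2025-09-05. The function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag devices below the patch level named in the article.
REQUIRED_PATCH="2025-09-05"

# Print PATCHED, OUTDATED or UNKNOWN for one YYYY-MM-DD patch-level string.
classify_patch() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;   # empty or malformed property value
    esac
    have=$(printf '%s' "$1" | tr -cd '0-9')
    need=$(printf '%s' "$REQUIRED_PATCH" | tr -cd '0-9')
    if [ "$have" -ge "$need" ]; then echo PATCHED; else echo OUTDATED; fi
}

# Read "serial patch_level" lines on stdin, print one verdict per device,
# and return non-zero if any device is not confirmed patched.
audit_inventory() {
    rc=0
    while read -r serial level; do
        [ -n "$serial" ] || continue
        verdict=$(classify_patch "$level")
        printf '%s\t%s\t%s\n' "$serial" "${level:-none}" "$verdict"
        [ "$verdict" = PATCHED ] || rc=1
    done
    return "$rc"
}

# Build the inventory from devices attached over adb (needs platform-tools).
adb_inventory() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from swallowing the rest of the serial list
        level=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        printf '%s %s\n' "$serial" "$level"
    done
}

# Constructed sample inventory; for real devices run: adb_inventory | audit_inventory
SAMPLE='emulator-5554 2025-09-05
R58N00EXAMPLE 2025-08-01
0A1B2C3EXAMPLE 2025-09-01
lab-tablet-7'

printf '%s\n' "$SAMPLE" | audit_inventory || echo "at least one device needs the update"
```

A device that reports no patch level is treated as unconfirmed rather than patched, so the audit fails closed.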