Android Security Update \u2013 Patch for 0-Day Vulnerabilities Actively Exploited in Attack
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
In response to the discovery of actively exploited 0-day vulnerabilities<\/a>, Google has released its September 2025 Android Security Bulletin, rolling out patch level 2025-09-05 to safeguard millions of devices.<\/p>\n The bulletin details critical issues in both System and Kernel components, and emphasizes the importance of immediate updates to mitigate remote code execution risks.<\/p>\n The flagship fix addresses CVE-2025-38352, a zero-interaction flaw in the Android System component that allows remote (proximal\/adjacent) code execution without any elevated privileges.\u00a0<\/p>\n Google\u2019s severity assessment rates this as Critical, noting that successful exploitation could grant attackers complete control of affected devices even with platform and service mitigations enabled in development environments.\u00a0<\/p>\n No user engagement, such as clicking a link or opening a file, is required to trigger the exploit.<\/p>\n Source code patches for CVE-2025-38352 are now available in the Android Open Source Project (AOSP) repository.<\/p>\n Google plans to update the bulletin<\/a> with direct AOSP links within 48 hours of publication.<\/p>\n High-Severity Elevation of Privilege Flaw<\/strong><\/p>\n Another patch targets CVE-2025-48543, an Elevation of Privilege (EoP)<\/a> vulnerability in the Android Kernel.\u00a0<\/p>\n Rated High, this flaw could allow local code to gain root-level permissions, bypassing SELinux policies and other kernel-level safeguards.\u00a0<\/p>\n Affected versions include Android 13, 14, 15, and 16. Partners have received notification of both issues over a month in advance, ensuring OEMs can integrate the necessary kernel patches into upcoming device updates.<\/p>\n Users are strongly advised to verify their patch level is at least 2025-09-05 and to apply updates immediately.<\/p>\n Android partners have been briefed, and AOSP source code updates will be released shortly.<\/p>\n This coordinated effort underscores Google\u2019s commitment to proactive vulnerability management and rapid response to emerging threats.\u00a0<\/p>\n Users and device manufacturers alike must prioritize this update to maintain the integrity of Android\u2019s security posture.<\/p>\n Find this Story Interesting! Follow us on Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates<\/strong>.<\/p>\n The post Android Security Update \u2013 Patch for 0-Day Vulnerabilities Actively Exploited in Attack<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nKey Takeaways
<\/mark><\/strong>1. Patch 2025-09-05 fixes CVE-2025-38352 (zero-interaction RCE) and CVE-2025-48543 (kernel EoP).
2. System bug needs no user action; kernel bug grants root.
3. Update now; AOSP source in 48 hrs.<\/pre>\nCritical System Component RCE Vulnerability\u00a0<\/strong><\/h2>\n
\n\n
\n CVE<\/strong><\/td>\n Title<\/strong><\/td>\n Severity<\/strong><\/td>\n<\/tr>\n \n CVE-2025-38352<\/td>\n Remote (proximal\/adjacent) code execution in System component, zero-interaction<\/td>\n Critical<\/td>\n<\/tr>\n \n CVE-2025-48543<\/td>\n Elevation of Privilege in Kernel, bypass SELinux to gain root<\/td>\n High<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n