Particle.news

Google Patches Two Exploited Android Zero-Days in Wide September Update

Security agencies urge immediate installation of the September patch levels.

Overview

  • Google’s September bulletin fixes over 100 flaws, including two zero-days—CVE-2025-38352 in the kernel and CVE-2025-48543 in Android Runtime—that enable local privilege escalation without user interaction and are under limited, targeted exploitation.
  • The release also addresses a critical System vulnerability, CVE-2025-48539, that could allow remote or adjacent code execution, alongside dozens of high-severity issues across Qualcomm, Imagination Technologies and MediaTek components.
  • Two patch levels are available (2025-09-01 and 2025-09-05); Pixel devices are receiving updates now while other manufacturers integrate and ship fixes on their own schedules.
  • Rollout snapshots show Samsung pushing a maintenance release for major flagships that includes both zero-day fixes, while Motorola’s September patch includes the fix for CVE-2025-48543 but does not yet include the one for CVE-2025-38352.
  • India’s CERT-In issued a high-risk alert urging users on Android 13–16 to update and to confirm protection by checking for security patch level 2025-09-01 or 2025-09-05. Google is withholding exploit details and credits TAG researcher Benoît Sevens for CVE-2025-38352.