Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Google Patches 120 Flaws In Android

September 4, 2025
Reading Time: 3 mins read
in Alerts
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google has released its monthly security update for September 2025, addressing a total of 120 security vulnerabilities in its Android operating system. Among these patches, two stand out as particularly critical because Google has confirmed they have been actively exploited in targeted attacks. These vulnerabilities are CVE-2025-38352, a privilege escalation flaw in the Linux Kernel, and CVE-2025-48543, a similar flaw in the Android Runtime. Both of these security weaknesses could allow a malicious actor to gain higher-level permissions on a device without any user interaction or additional execution privileges, posing a serious threat to user data and device integrity.

The disclosure from Google’s Threat Analysis Group (TAG) regarding the Linux Kernel vulnerability, CVE-2025-38352, is a significant point of concern. This flaw was discovered and reported by Benoît Sevens of TAG, a team known for investigating state-sponsored and other sophisticated cyber threats. The involvement of TAG suggests that this particular vulnerability may have been used as part of targeted spyware campaigns. While Google has not provided specific details on how these issues were weaponized or if they were used in tandem, the company’s acknowledgment of “limited, targeted exploitation” underscores the severity and real-world impact of these security flaws.

In addition to the two actively exploited vulnerabilities, the September 2025 security bulletin resolves a wide range of other issues. The updates patch flaws that could lead to remote code execution, which allows an attacker to run their own code on a device; privilege escalation, which grants an attacker higher permissions; information disclosure, which could leak sensitive user data; and denial-of-service, which can make a device or service unusable. These vulnerabilities affect various components within the Android Framework and System, highlighting the comprehensive nature of Google’s security efforts to maintain the integrity of its mobile ecosystem.

To facilitate a more agile and efficient deployment of these crucial fixes, Google has released two distinct security patch levels: 2025-09-01 and 2025-09-05. This two-tier approach gives Android partners, such as device manufacturers and carriers, the flexibility to address a subset of vulnerabilities that are consistent across all Android devices more quickly. By separating the patches, Google enables partners to prioritize and push out the most critical fixes without waiting for a complete, all-encompassing update. The company has urged its partners to apply all the patches and use the latest security patch level to ensure devices are fully protected.

The recent pattern of actively exploited vulnerabilities being addressed in monthly updates is a notable trend. For instance, in August, Google patched two Qualcomm vulnerabilities, CVE-2025-21479 and CVE-2025-27038, which the chipmaker had also flagged as being exploited in the wild. The consistent discovery and patching of such in-the-wild exploits highlight the ongoing cat-and-mouse game between security researchers and malicious actors. These regular updates are a crucial part of Google’s strategy to protect the vast number of Android users worldwide from evolving cyber threats.

Reference:

  • Android Security Alert Google Patches 120 Flaws Including Two Zero Days Under Attack
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecuritySeptember 2025
ADVERTISEMENT

Related Posts

BadIIS Malware Spreads Via SEO Poisoning

Hackers Target AWS and Steal Credentials

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

SonicWall SMA100 Update Removes Rootkit

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

BadIIS Malware Spreads Via SEO Poisoning

September 24, 2025
FBI Issues Warning on Spoofed IC3 Website

FBI Issues Warning on Spoofed IC3 Website

September 22, 2025
FBI Issues Warning on Spoofed IC3 Website

Infostealer Hits macOS Users Widely

September 22, 2025
FBI Issues Warning on Spoofed IC3 Website

SonicWall Warns Reset After Exposure

September 22, 2025

Latest Alerts

Hackers Target AWS and Steal Credentials

SonicWall SMA100 Update Removes Rootkit

BadIIS Malware Spreads Via SEO Poisoning

SonicWall Warns Reset After Exposure

Infostealer Hits macOS Users Widely

FBI Issues Warning on Spoofed IC3 Website

Subscribe to our newsletter

    Latest Incidents

    Boyd Gaming Reports Data Breach After Attack

    Morrisroe UK Company Hit By Cyber Attack

    GeoServer Flaw Breaches US Agency Network

    Steam Game Steals Streamer Donations

    Ransomware Gang Hacks Spartanburg County

    Cyberattack Hits Europe Airport Systems

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial