Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Google Patches 120 Flaws In Android

September 4, 2025
Reading Time: 3 mins read
in Alerts
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google has released its monthly security update for September 2025, addressing a total of 120 security vulnerabilities in its Android operating system. Among these patches, two stand out as particularly critical because Google has confirmed they have been actively exploited in targeted attacks. These vulnerabilities are CVE-2025-38352, a privilege escalation flaw in the Linux Kernel, and CVE-2025-48543, a similar flaw in the Android Runtime. Both of these security weaknesses could allow a malicious actor to gain higher-level permissions on a device without any user interaction or additional execution privileges, posing a serious threat to user data and device integrity.

The disclosure from Google’s Threat Analysis Group (TAG) regarding the Linux Kernel vulnerability, CVE-2025-38352, is a significant point of concern. This flaw was discovered and reported by Benoît Sevens of TAG, a team known for investigating state-sponsored and other sophisticated cyber threats. The involvement of TAG suggests that this particular vulnerability may have been used as part of targeted spyware campaigns. While Google has not provided specific details on how these issues were weaponized or if they were used in tandem, the company’s acknowledgment of “limited, targeted exploitation” underscores the severity and real-world impact of these security flaws.

In addition to the two actively exploited vulnerabilities, the September 2025 security bulletin resolves a wide range of other issues. The updates patch flaws that could lead to remote code execution, which allows an attacker to run their own code on a device; privilege escalation, which grants an attacker higher permissions; information disclosure, which could leak sensitive user data; and denial-of-service, which can make a device or service unusable. These vulnerabilities affect various components within the Android Framework and System, highlighting the comprehensive nature of Google’s security efforts to maintain the integrity of its mobile ecosystem.

To facilitate a more agile and efficient deployment of these crucial fixes, Google has released two distinct security patch levels: 2025-09-01 and 2025-09-05. This two-tier approach gives Android partners, such as device manufacturers and carriers, the flexibility to address a subset of vulnerabilities that are consistent across all Android devices more quickly. By separating the patches, Google enables partners to prioritize and push out the most critical fixes without waiting for a complete, all-encompassing update. The company has urged its partners to apply all the patches and use the latest security patch level to ensure devices are fully protected.

The recent pattern of actively exploited vulnerabilities being addressed in monthly updates is a notable trend. For instance, in August, Google patched two Qualcomm vulnerabilities, CVE-2025-21479 and CVE-2025-27038, which the chipmaker had also flagged as being exploited in the wild. The consistent discovery and patching of such in-the-wild exploits highlight the ongoing cat-and-mouse game between security researchers and malicious actors. These regular updates are a crucial part of Google’s strategy to protect the vast number of Android users worldwide from evolving cyber threats.

Reference:

  • Android Security Alert Google Patches 120 Flaws Including Two Zero Days Under Attack
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecuritySeptember 2025
ADVERTISEMENT

Related Posts

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
WhatsApp Scam Lets Hackers Hijack Chats

WhatsApp Scam Lets Hackers Hijack Chats

September 4, 2025
WhatsApp Scam Lets Hackers Hijack Chats

Android Droppers Turn Into Malware Tools

September 4, 2025
WhatsApp Scam Lets Hackers Hijack Chats

Malicious Npm Package Mimics Nodemailer

September 4, 2025
Sitecore Exploit Chain Warning

High Risk SQLi In WordPress Plugin

September 2, 2025

Latest Alerts

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

WhatsApp Scam Lets Hackers Hijack Chats

Malicious Npm Package Mimics Nodemailer

Android Droppers Turn Into Malware Tools

Subscribe to our newsletter

    Latest Incidents

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    Austria Ministry Reports Email Breach

    Hackers Breach Fintech In Bank Heist Try

    Ransomware Hits Pennsylvania AG Office

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial