Google has released a September security update for Android devices that patches two high-severity zero-day vulnerabilities actively exploited in targeted attacks. The update addresses a total of 120 vulnerabilities, including critical flaws in the kernel, Android Runtime, and Qualcomm components. #AndroidZeroDay #GoogleSecurityUpdate
Keypoints
- Two zero-day vulnerabilities in Android were actively exploited and have now been patched in the September update.
- The vulnerabilities, CVE-2025-38352 and CVE-2025-48543, could lead to privilege escalation without user interaction.
- The security update includes patches for 120 vulnerabilities across various components, including Qualcomm and MediaTek.
- Third-party device manufacturers release patches independently after Googleβs updates, leading to varied update schedules.
- Source code patches for all vulnerabilities will be made available on the Android Open Source Project repository by Thursday.
Read More: https://cyberscoop.com/android-security-update-september-2025/