© AI-generated illustration with GPT-5
Android is affected by two zero-day vulnerabilities used to hack smartphones. The vulnerability CVE-2025-38352 destabilizes the Linux kernel and disrupts task cleaning. As a result, cybercriminals can gain privileges and carry out denial-of-service attacks. The vulnerability CVE-2025-48543 targets Android Runtime and allows a malicious application to escape the sandbox to access elevated privileges.
Android is regularly targeted by attacks. One of the most recent threats targeted victims’ bank accounts, but today we are focusing on two vulnerabilities. The vulnerabilities CVE-2025-38352 and CVE-2025-48543 are part of the 84 that were addressed in the security patch released on September 5, 2025.
Therefore, it is crucial to apply this update provided by Google to mitigate these serious vulnerabilities. All devices running Android 13 to Android 16, which has just introduced the Material 3 Expressive design, are affected.
Two critical Android vulnerabilities fixed by the update, install it quickly
The Android security bulletin emphasizes that this update is urgent and essential. Three of the four critical vulnerabilities identified this month originate from Qualcomm. Vulnerabilities in MediaTek, Arm, and Imagination Technologies have also been patched.
The fourth critical vulnerability pertains to the system component itself, allowing remote code execution, which is particularly dangerous as it does not require any execution privileges.
Obviously, these 84 vulnerabilities encompass very different issues. The patch addresses denial-of-service problems, information disclosure, and privilege escalation. In short, the fact that two vulnerabilities are currently being exploited by hackers highlights the urgency of this update.
To check for the availability of the September security update on your Android device, navigate to Settings > Security and Privacy > System and Update > Security Update.
Normally, your smartphone will display a notification if the patch has already been made available, without any action required on your part.
The September 2025 update is thus a defense against hackers and other malware. Google strives to react swiftly to address new threats. Zero-day vulnerabilities are particularly dangerous as they are exploited before being publicly fixed.
Cybercriminals are aware of these vulnerabilities due to their disclosure in the Android security bulletin. Android is a vast and complex operating system, featuring components from various manufacturers, making potential attacks more numerous.
Source: Android
