Google Patches Critical Android Zero-Day Exploits in the Wild

Summary
– Google has fixed over 100 Android vulnerabilities, including two (CVE-2025-48543 and CVE-2025-38352) that may be under limited, targeted exploitation.
– A critical vulnerability (CVE-2025-48539) in the System component could lead to remote code execution without requiring additional privileges or user interaction.
– The exploited vulnerabilities affect Android Runtime and the Linux kernel, enabling local privilege escalation without requiring additional privileges or user interaction.
– Google, Samsung, and Motorola have released security updates, with Samsung fixing both exploited flaws and Motorola addressing only CVE-2025-48543.
– The exploited vulnerabilities are likely used in targeted attacks to deliver mercenary spyware to high-risk users.

Google has rolled out a significant security update addressing more than 100 vulnerabilities in its Android operating system, including two flaws confirmed to be under active exploitation. This latest patch aims to protect users from targeted attacks that could compromise device security without any user interaction.
Among the most serious issues resolved are CVE-2025-48543, which impacts the Android Runtime environment, and CVE-2025-38352, a race condition flaw within the Android Linux kernel. Both vulnerabilities allow for local privilege escalation, meaning an attacker could gain elevated access to a device without needing special permissions or tricking the user into taking any action. Also patched is CVE-2025-48539, a critical remote code execution vulnerability in the System component that could be exploited over a local network.
Although Google has not disclosed specific details regarding the attacks leveraging these vulnerabilities, the company’s description of “limited, targeted exploitation” strongly suggests these flaws are being used in highly focused campaigns, potentially involving mercenary spyware aimed at high-value targets. All Android users are strongly advised to apply the available security updates without delay to mitigate these risks.
In response to the threat, several major device manufacturers have already begun distributing patches. Google’s own Pixel phones have received comprehensive updates that include fixes for both general Android vulnerabilities and Pixel-specific issues listed in the September 2025 Security Bulletin. Samsung has issued a maintenance release for its flagship models, addressing the two exploited flaws along with other security gaps closed this month. Motorola’s latest security patch includes a correction for CVE-2025-48543, though it does not yet resolve CVE-2025-38352.
Staying informed about emerging threats is essential for maintaining digital safety. Subscribing to timely alerts can help users and organizations respond quickly to new vulnerabilities and security incidents.
(Source: HelpNet Security)



