
Google patched 120 Android vulnerabilities, including two 0-days

Google has released security updates for Android that fix 120 vulnerabilities in the operating system. According to the company, two of the issues had already been exploited by attackers in targeted campaigns.

The two zero-days fixed this month are CVE-2025-38352 (CVSS score 7.4), a privilege escalation vulnerability in the Linux kernel component, and CVE-2025-48543, a privilege escalation vulnerability in the Android Runtime component.

Google notes that these vulnerabilities are already being exploited in limited, targeted attacks; however, the company is not disclosing any details about these incidents. It is reported that exploiting the vulnerabilities requires no user interaction.

CVE-2025-38352 is a Linux kernel vulnerability that was discovered on July 22, 2025 and fixed in kernel versions 6.12.35-1 and later. The issue is a race condition in POSIX CPU timers that causes failures in task cleanup, destabilizing the kernel; this can lead to crashes, denial of service, and privilege escalation.

CVE-2025-48543, in turn, affects the Android Runtime, where Java/Kotlin applications and system services run. It potentially allows a malicious app to bypass the sandbox and gain access to higher-privileged system capabilities.

In addition to the two actively exploited 0-days, the September update fixes four critical bugs.

CVE-2025-48539 is a remote code execution (RCE) issue in an Android System component. It allows an attacker within physical or network proximity (for example, within Bluetooth or Wi‑Fi range) to execute arbitrary code on the device without any user interaction or prior privileges.

CVE-2025-21450, CVE-2025-21483, and CVE-2025-27034 affect Qualcomm’s proprietary components. According to details provided by Qualcomm in its own security bulletin, CVE-2025-21450 pertains to the GPS management system, CVE-2025-21483 concerns issues with network data stacks, and CVE-2025-27034 is linked to a problem in the multimode call processor.

As usual, Google has published two patch levels, 2025-09-01 and 2025-09-05, so that partners can more quickly ship fixes for the vulnerabilities common to all Android devices.
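For administrators who need to verify that a fleet of devices has actually received this update, the relevant value is the device's `ro.build.version.security_patch` property, which carries the patch-level date. The following POSIX shell script is an added example (not code from the article or from Google) that classifies such a value against the two September 2025 patch levels named above. The dates 2025-09-01 and 2025-09-05 come from the article; the labels "full" and "partial" are this example's own interpretation (a device at 2025-09-05 or later has both levels, one between the two dates has only the common fixes), and the sample values in `main` are constructed, not real device readings.

```shell
#!/bin/sh
# Added example: classify an Android security patch level against the
# September 2025 bulletin (levels 2025-09-01 and 2025-09-05, from the article).

# Convert an ISO date such as 2025-09-05 into a comparable integer (20250905).
# Prints nothing and returns 1 if the value is not of the form YYYY-MM-DD.
patch_level_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$1" | sed 's/-//g'
}

# Print one of: full, partial, unpatched, invalid.
#   full      - level >= 2025-09-05: both patch levels of this bulletin applied
#   partial   - 2025-09-01 <= level < 2025-09-05: common fixes only
#   unpatched - level older than 2025-09-01
#   invalid   - the value is not a YYYY-MM-DD date
classify_patch_level() {
    level=$(patch_level_to_int "$1") || { echo invalid; return 0; }
    if [ "$level" -ge 20250905 ]; then
        echo full
    elif [ "$level" -ge 20250901 ]; then
        echo partial
    else
        echo unpatched
    fi
}

# With arguments, classify each one; without, classify three constructed
# sample values (assumed for illustration, not read from a real device).
main() {
    if [ $# -eq 0 ]; then
        set -- 2025-08-05 2025-09-01 2025-09-05
    fi
    for lvl in "$@"; do
        printf '%-12s %s\n' "$lvl" "$(classify_patch_level "$lvl")"
    done
}

main "$@"
```

To check a connected device instead of the constructed samples, pass the property value in: `sh check_patch_level.sh "$(adb shell getprop ro.build.version.security_patch | tr -d '\r\n')"` (the `tr` strips the carriage return that `adb shell` output may carry). Because patch-level dates are ISO-formatted, stripping the hyphens yields integers that compare in date order, which is why a plain `-ge` test suffices.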
