Android Security Update: Google Addresses 120 Vulnerabilities, Including Two Actively Exploited Zero-Days

Sep 03, 2025
Mobile Security / Vulnerability

Google has released security updates for September 2025, patching 120 vulnerabilities in its Android operating system. Among these are two critical issues that have been confirmed as actively exploited in targeted attacks. The key vulnerabilities are:

  • CVE-2025-38352 (CVSS score: 7.4): A privilege escalation flaw in the Linux Kernel component.
  • CVE-2025-48543 (CVSS score: 7.4): A privilege escalation flaw in the Android Runtime component.

Both vulnerabilities allow for local privilege escalation without requiring additional execution privileges or user interaction. While Google has not detailed how these vulnerabilities are being exploited in the wild or if they are being leveraged together, they acknowledge signs of “limited, targeted exploitation.” Benoît Sevens from Google’s Threat Analysis Group (TAG) is credited with discovering and reporting these critical flaws.

Android Security Alert: Google Addresses 120 Security Vulnerabilities, Including Two Active Zero-Days

In a significant update as part of its September 2025 security patch cycle, Google has addressed a total of 120 security vulnerabilities affecting its Android operating system. Among these, two particular flaws have raised alarm due to their exploitation in active targeted attacks. These vulnerabilities are cataloged as CVE-2025-38352 and CVE-2025-48543, both with a critical CVSS score of 7.4.

CVE-2025-38352 pertains to a privilege escalation vulnerability in the Linux Kernel component, while CVE-2025-48543 affects the Android Runtime component. Google has identified these weaknesses as capable of allowing local privilege escalation without the need for additional execution privileges or user interaction, amplifying the potential threat to users and organizations alike.

While Google has not disclosed specific details on how these vulnerabilities have been leveraged in real-life scenarios or if they are being exploited in conjunction with each other, it has reported signs of “limited, targeted exploitation.” This situation underscores the pressing need for businesses to remain vigilant against cyber threats, particularly given the ease with which these vulnerabilities can be exploited.

In terms of cybersecurity tactics, the vulnerabilities align with tactics identified in the MITRE ATT&CK framework. Specifically, they highlight the concern of privilege escalation, which allows an adversary to gain higher levels of access than normally permitted. This can significantly compromise the security of both individual devices and larger organizational networks. Additionally, the initial access technique may be implicated, as adversaries could leverage other vulnerabilities or social engineering tactics to gain footholds before exploiting these newly disclosed flaws.

Firms with Android devices or applications must act promptly to install the latest updates to mitigate these vulnerabilities. It is critical that organizations remain aware of potential threats and implement robust security policies to protect themselves. Given that these vulnerabilities could be exploited without user interaction, the risk is magnified, emphasizing the importance of proactive security measures.

The cyber landscape is ever-evolving, and as such, organizations should not only focus on patching known vulnerabilities but also anticipate potential exploit strategies that adversaries may use. For business owners and IT professionals, understanding the implications of these vulnerabilities is vital for safeguarding their digital assets. With the recent discoveries made by Benoît Sevens of Google’s Threat Analysis Group, it is evident that vigilance and timely responsiveness are key in the ongoing battle against cyber threats.

In summary, these new security updates serve as a crucial reminder of the persistent risks in the digital environment. Staying informed and proactive will be the best defense against potential exploitation, ensuring that businesses can operate securely in an increasingly complex cyber landscape.

Source link

Related Posts

Iranian Hackers Compromise Over 100 Embassy Email Accounts in Global Diplomat Phishing Campaign

Sep 03, 2025
Data Breach / Cyber Espionage

A group linked to Iran has been identified as the perpetrator of a “coordinated” and “multi-wave” spear-phishing campaign targeting embassies and consulates across Europe and beyond. Israeli cybersecurity firm Dream has attributed this activity to Iranian-aligned operators associated with a broader offensive cyber initiative known as Homeland Justice. “Phishing emails were sent to numerous government officials worldwide, masquerading as legitimate diplomatic correspondence,” the firm reported. “The evidence suggests a larger regional espionage strategy aimed at diplomatic and government institutions amid rising geopolitical tensions.” The attack tactics involve spear-phishing emails that reference geopolitical disputes between Iran and Israel, containing malicious Microsoft Word attachments that prompt recipients to “Enable Content” to execute embedded Visual Basic for Applications code.

Preventing Data Leaks Before They Strike

In January 2025, cybersecurity experts from Wiz Research uncovered a significant data leak at Chinese AI firm DeepSeek, which compromised over 1 million sensitive log streams. The researchers discovered a publicly accessible ClickHouse database associated with DeepSeek, granting potential full control over database operations and allowing access to internal data. This incident included more than a million lines of log streams containing chat histories, secret keys, and more. Wiz promptly notified DeepSeek, which took immediate action to secure the vulnerability. However, this event highlights the persistent risk of data leakage. Whether intentional or accidental, data leakage encompasses various scenarios, as defined by IBM, which describes it as the unintentional exposure of sensitive information to unauthorized parties. On the intentional side…

Cybercriminals Exploit HexStrike AI to Target Citrix Vulnerabilities Just Days After Disclosure

Sep 03, 2025 Artificial Intelligence / Vulnerability

Threat actors are actively utilizing a new artificial intelligence (AI) offensive security tool, HexStrike AI, to exploit recently identified security vulnerabilities. Marketed as an AI-powered platform, HexStrike AI aims to streamline reconnaissance and vulnerability detection, enhancing authorized red teaming, bug bounty programs, and capture the flag (CTF) competitions. Information from its GitHub repository reveals that the open-source tool integrates with over 150 security solutions, enabling comprehensive network reconnaissance, web application testing, reverse engineering, and cloud security assessments. Additionally, it features numerous specialized AI agents tailored for tasks like vulnerability intelligence, exploit development, attack chain analysis, and error handling. However, a report from Check Point indicates that cybercriminals are attempting to weaponize the tool to gain a strategic advantage.

Cybercriminals Leverage X’s Grok AI to Circumvent Ad Safeguards and Distribute Malware to Millions

Sep 04, 2025
Artificial Intelligence / Malware

Cybersecurity experts have identified a new tactic employed by cybercriminals to circumvent the malvertising protections of social media platform X, utilizing its AI assistant Grok to disseminate harmful links. This method, dubbed “Grokking,” was discussed in a series of posts by Nati Tal, head of Guardio Labs.

The technique aims to exploit the limitations set by X on Promoted Ads, which typically permit only text, images, or videos for advertising. By leveraging video card-promoted posts featuring adult content as bait, malvertisers cleverly conceal malicious links in the “From:” metadata field located below the video player—an area that goes unchecked by the platform’s security measures.