Google has issued a critical warning to all Android users, confirming that two separate vulnerabilities have been exploited in the wild. The issues fixed in this month's security update are severe enough that Google will quickly patch all eligible Pixel devices.
The two critical vulnerabilities exploited — CVE-2025-38352 and CVE-2025-48543 — affect the Android Kernel and Android Runtime, respectively. As usual, Google has not released any critical details at this early stage.

Extremely serious security holes on Android have just been discovered.
There are also four other important fixes — CVE-2025-48539, CVE-2025-21450, CVE-2025-21483, and CVE-2025-27034. The first fix concerns the Android System, while the other three concern Qualcomm chipsets and manufacturer patch releases.
Google says CVE-2025-48543 and CVE-2025-38352 are worrisome, and both “can lead to local escalation of privilege without requiring additional execution privileges.” More alarmingly, “no user interaction is required for exploitation.”
While Pixels will be updated immediately, other OEMs will receive the code patch “within the next 48 hours” and will need to update their own monthly bulletins and firmware releases. You can expect a regular rollout schedule in the coming weeks.
This is a timely reminder that only devices still eligible for monthly security updates will get these fixes. More than a billion Android phones are no longer under any form of support contract, and many are running versions of Android that can’t be updated.

This is exactly why owners of these older devices are encouraged to upgrade their phones if they cannot update the software. Until you do, your data and device are at risk.
As Zimperium warns, “a significant percentage (25.3%) of devices cannot be upgraded because they are old.” And delays in updating make the problem worse. “At any given time during the year, more than 50% of mobile devices are running an outdated version of the operating system, and a significant number are compromised or infected with viruses.”
The U.S. Cyber Defense Agency added both Android security threats to its Known Exploited Vulnerabilities (KEV) catalog on September 4. Federal employees have until September 25 to update or stop using their Android devices. In the unlikely event that federal agency employees are still using devices that cannot be updated, those devices will need to be replaced with new hardware before the deadline.
Source: https://khoahocdoisong.vn/android-gap-loat-lo-hong-nghiem-trong-hon-1-ty-thiet-bi-khong-the-khac-phuc-post2149051353.html