InfoSecBulletin Cybersecurity for mankind
Google released security updates for September 2025, fixing 120 security flaws in Android, including two vulnerabilities actively exploited in targeted attacks.
The vulnerabilities are listed below:
Anthropic disables Fable 5 and Mythos 5 Access after US order limiting foreign access
Using AI, Researcher Hacks Google and Earns $500,000 Bug Bounty
Chrome 149 fixes 28 flaws, including critical UAF bugs
Dahua patches multiple critical vulnerabilities in its products
South Korea fines Coupang Record $409 mln fine for data leak
ShinyHunters claim stolen data from 100+ org via oracle PeopleSoft servers
Security Update: RoguePlanet, BitLocker Bypass, Chromium Zero-Day, and More Critical Threats Uncovered
73 Microsoft Packages Compromised in Password Stealer Attack
New Windows Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges
Microsoft June Patches 200 Vulnerabilities including 3 zero days
CVE-2025-38352 (CVSS score: 7.4): A privilege escalation flaw in the Linux Kernel component
CVE-2025-48543 (CVSS score: N/A): A privilege escalation flaw in the Android Runtime component
Google stated that both vulnerabilities can cause local privilege escalation without needing extra execution privileges. Additionally, they highlighted that no user interaction is necessary for exploitation.
The tech giant did not reveal how the issues have been weaponized in real-world attacks and if they are being put to use in tandem, but acknowledged there are indications of “limited, targeted exploitation.”
Benoît Sevens of Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting the upstream Linux Kernel flaw, indicating that it may have been abused as part of targeted spyware attacks.
Google has fixed several vulnerabilities in Framework and System components, including remote code execution, privilege escalation, information disclosure, and denial-of-service issues.
Google released two security patches, 2025-09-01 and 2025-09-05, to help Android partners fix vulnerabilities quickly across devices.
“Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level,” Google said.
