Android privilege escalation flaws under targeted exploitation (multiple vulnerabilities)
Vulnerability
Summary
CVE-2025-38352 and CVE-2025-48543 are Android privilege-escalation flaws affecting the Linux Kernel and Android Runtime that were tied to limited, targeted exploitation. Both weaknesses can be abused for local escalation of privilege without additional execution privileges, and exploitation does not require user interaction. Google addressed the issues in its September 2025 Android security updates.
Related Happenings
Google Android Advanced Flow adds safer APK sideloading for unverified developers
Security Tool/Service
First: 21.03.2026 16:18
Last: 21.03.2026 16:18
Sources 1
About this happening:
**Google** is rolling out **Advanced Flow** on **Android** to let power users sideload APKs from **unverified developers** with more friction and warnings, reducing the risk of **...
Perseus Android note-stealing and remote-control malware activity
Malware Activity
First: 19.03.2026 12:13
Last: 19.03.2026 12:13
Sources 1
About this happening:
The **Perseus** Android malware is now being used to inspect user notes for secrets, creating theft risk for **passwords**, **recovery phrases**, and **financial data**. It is als...
Fake Google Account security page PWA phishing campaign
Campaign
First: 02.03.2026 22:23
Last: 02.03.2026 22:23
Sources 1
About this happening:
A **phishing campaign** is using a **fake Google Account security page** and a **Progressive Web App (PWA)** to steal **one-time passcodes**, harvest **cryptocurrency wallet addre...
Google Play Protect and Play Integrity API expand Android anti-abuse controls in 2025
Security Tool/Service
First: 19.02.2026 19:00
Last: 19.02.2026 19:00
Sources 1
About this happening:
Google expanded **Play Protect** and **Play Integrity API** anti-abuse controls for Android apps in **2025**, strengthening protection across the app ecosystem. The update matters...
Android remote access tool abusing Accessibility Services
Malware Activity
First: 30.01.2026 00:08
Last: 30.01.2026 00:08
Sources 1
About this happening:
An **unnamed Android remote access tool** was found abusing **Accessibility Services** to take over devices, **capture screenshots**, steal credentials, and block removal. The mal...
Timeline
- 03.09.2025 17:14 · 1 article · 8mo ago
  Initial report: Android kernel POSIX CPU timers race condition remote code execution flaw (CVE-2025-38352)
  Initial Disclosure
  **CVE-2025-38352** emerged as an **Android kernel** elevation-of-privilege flaw after its **2025-07-22** disclosure. Initial reporting later tied it to **limited, targeted zero-day exploitation** and kernel instability risk.
  Sources:
  - Google fixes actively exploited Android flaws in September update — www.bleepingcomputer.com — 03.09.2025 17:14
- 03.09.2025 14:05 · 2 articles · 8mo ago
  Google ships September 2025 Android security updates
  Initial Disclosure
  Google shipped September 2025 Android security updates to address 120 flaws, including CVE-2025-38352 in the Linux Kernel and CVE-2025-48543 in Android Runtime. Google said both privilege-escalation issues could enable local escalation of privilege without additional execution privileges or user interaction, and it described the activity as limited, targeted exploitation. The bulletin also introduced patch levels 2025-09-01 and 2025-09-05 and advised Android partners to use the latest security patch level.
  Sources:
  - Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack — thehackernews.com — 03.09.2025 14:05
  - Two Exploited Vulnerabilities Patched in Android — www.securityweek.com — 04.09.2025 10:49