
Google Patches Two Zero-Day Vulnerabilities in Android Under Active Exploitation

3 unique sources, 3 articles

Summary


Google has released September 2025 security updates for Android, addressing 111 vulnerabilities, including two zero-day flaws actively exploited in targeted attacks. The updates include fixes for privilege escalation, remote code execution, information disclosure, and denial-of-service vulnerabilities. The two zero-days are in the Linux Kernel and Android Runtime components. The updates are part of Google's monthly security patches, with two patch levels released to provide flexibility for Android partners. This update also addresses critical vulnerabilities in Qualcomm components and includes fixes for MediaTek-powered devices. The September 2025 Pixel security updates resolve 23 vulnerabilities specific to Pixel devices, and Wear OS, Pixel Watch, and Automotive OS updates include fixes for all vulnerabilities described in the Android bulletin.

Timeline

  1. 03.09.2025 17:14 · 2 articles · 13d ago

    Google addresses critical vulnerabilities in Qualcomm components

    The 2025-09-05 security patch level addresses additional issues affecting various components, including the Linux kernel and Qualcomm components.

  2. 03.09.2025 14:05 · 3 articles · 13d ago

    Google patches two zero-day vulnerabilities in Android under active exploitation

    The Linux kernel bug (CVE-2025-38352) was reported by Benoît Sevens of Google's Threat Analysis Group, suggesting potential exploitation in spyware attacks. The Android Runtime zero-day (CVE-2025-48543) affects AOSP 13, 14, 15, and 16 releases and has been resolved as part of the 2025-09-01 security patch level, which addresses 58 other bugs in Framework, System, and Widevine DRM. The 2025-09-05 security patch level fixes 51 other issues affecting the Linux kernel and various components.



Similar Happenings

Fourth Spyware Campaign Targeting French Apple Users in 2025

Apple has notified French users of a fourth spyware campaign in 2025. The Computer Emergency Response Team of France (CERT-FR) confirmed the alerts on September 3, 2025. The campaign targets individuals based on their status or function, including journalists, lawyers, activists, politicians, and senior officials. The alerts are part of a series of notifications sent throughout the year, with previous alerts on March 5, April 29, and June 25. These alerts indicate that at least one device linked to the users' iCloud accounts may have been compromised in highly-targeted attacks. The campaign follows a previous incident involving a security flaw in WhatsApp (CVE-2025-55177) and an Apple iOS bug (CVE-2025-43300), which were used in zero-click attacks. Apple has been sending these notifications since November 2021. Apple introduced Memory Integrity Enforcement (MIE) in the latest iPhone models to combat memory corruption vulnerabilities.

Microsoft September 2025 Patch Tuesday fixes 81 vulnerabilities, including two zero-days

Microsoft released updates for 80 vulnerabilities on September 2025 Patch Tuesday. None of these vulnerabilities were zero-days. The updates address eight critical flaws, including five remote code execution vulnerabilities, one information disclosure, and two elevation of privilege vulnerabilities. The vulnerabilities span various categories: 38 elevation of privilege, 2 security feature bypass, 22 remote code execution, 14 information disclosure, 3 denial of service, and 1 spoofing. One zero-day vulnerability was fixed in Windows SMB Server. The updates also include hardening features for SMB Server to mitigate relay attacks, with recommendations for administrators to enable auditing. The patch includes 38 elevation of privilege vulnerabilities, the highest number among all categories. CVE-2025-54918 is an EoP vulnerability in Windows NT LAN Manager (NTLM) marked as critical. CVE-2025-54111 and CVE-2025-54913 are EoP flaws in Windows UI XAML, allowing privilege escalation via phished credentials or malicious Microsoft Store apps. CVE-2025-55232 is an RCE vulnerability in the Microsoft High Performance Compute (HPC) Pack with a CVSS score of 9.8. CVE-2025-54916 is an RCE vulnerability in Windows NTFS that can be triggered by authenticated users. Microsoft's patch update includes recommendations for preparing for the end-of-life of Windows 10 and mandatory multifactor authentication (MFA) for Azure in October 2025.

CISA Warns of Active Attacks Exploiting TP-Link TL-WA855RE Wi-Fi Extender Vulnerability

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding active exploitation of a missing authentication vulnerability in TP-Link TL-WA855RE Wi-Fi range extenders. The flaw, tracked as CVE-2020-24363, allows attackers on the same network to perform unauthenticated factory resets and set new administrative passwords. The vulnerability was patched by TP-Link in 2020, but the product has since been discontinued. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to address it by September 23, 2025. The flaw enables attackers to bypass authentication mechanisms and gain unauthorized access to the device, potentially leading to network compromise.

High-severity use-after-free vulnerability in Chrome's V8 JavaScript engine patched

Google has released Chrome 140 to address six vulnerabilities, including a high-severity use-after-free flaw in the V8 JavaScript engine. The issue, tracked as CVE-2025-9864, was reported by the Yandex Security Team. This type of vulnerability can lead to heap corruption and potential remote code execution (RCE) through crafted HTML pages. The update also fixes three medium-severity bugs in Chrome's Toolbar, Extensions, and Downloads components. Users are advised to update their browsers immediately. The update is available as versions 140.0.7339.80/81 for Windows and macOS, and 140.0.7339.80 for Linux. The extended stable channel has been updated to Chrome 140.0.7339.81 for both Windows and macOS.

WhatsApp Zero-Day Exploited in Targeted Attacks

WhatsApp patched a zero-day vulnerability (CVE-2025-55177) in its messaging apps for Apple iOS and macOS. The flaw allowed unauthorized users to process content from arbitrary URLs on targeted devices. The issue was exploited in conjunction with a recently disclosed Apple flaw (CVE-2025-43300) in targeted zero-day attacks. WhatsApp notified fewer than 200 users who may have been targeted as part of the spyware campaign. The vulnerability relates to insufficient authorization of linked device synchronization messages. The exploitation involved chaining the WhatsApp flaw with the Apple vulnerability, enabling sophisticated attacks against specific users. CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog and is advising federal agencies to apply mitigations by September 23, 2025.