Android Attacks Exploit Kernel, Runtime Flaws; Over 1 Billion Unprotected
Heartspace News Desk
Source: Forbes
Google has confirmed the active exploitation of two high-severity vulnerabilities in Android, potentially impacting over a billion devices. Forbes reported that these flaws, detailed in a September 6 security update, affect the Android Kernel (CVE-2025-38352) and Android Runtime (CVE-2025-48543). Both vulnerabilities enable local privilege escalation without requiring additional execution privileges or user interaction, presenting a substantial security risk. Google has not yet disclosed details of the specific attacks.
Google is currently deploying patches, with its own Pixel devices being prioritized. Other manufacturers are expected to receive updates within 48 hours. The September security update also resolves four other critical vulnerabilities impacting the Android System and Qualcomm chipsets. However, these fixes are only available to devices that currently receive monthly security updates. Consequently, a significant portion of the Android ecosystem, estimated by Zimperium at 25.3% of devices, remains vulnerable due to outdated operating systems or a lack of support contracts.
To safeguard their data, users of older, unsupported Android devices are strongly advised to upgrade to newer models, because the unsupported devices are susceptible to both current and future threats. The widespread vulnerability of devices highlights an ongoing challenge in ensuring security across the expansive and fragmented Android ecosystem.
This summary is based on the original article from Forbes.