Did you know you can customize Google to filter out garbage? Take these steps for better search results, including adding Lifehacker as a preferred source for tech news .
In its latest Android Security Bulletin , Google is releasing updates to address 84 vulnerabilities, including two flaws that may be under targeted, active exploitation.
The patches for September cover a range of high-severity issues, including denial of service, information disclosure, and elevation of privilege vulnerabilities as well as one remote code execution bug. Google is also fixing flaws in Qualcomm, MediaTek, Arm, and Imagination Technologies components in its 2025-09-05 patch. Four of the vulnerabilities are considered critical.
Two active exploits
Two of the bugs addressed this month are zero-days that Google indicates have been actively exploited. The first, labeled CVE-2025-38352, is a previously identified elevation of privilege flaw in the Linux kernel that allows task cleanup disruption and kernel destabilization, the result of which could be denial of service or privilege escalation.
The second bug (CVE-2025-48543) is also an elevation of privilege vulnerability, though in the Android Runtime component. This flaw could allow a malicious app to bypass sandbox restrictions to gain higher-level system access.
Three of the critical flaws being patched this month are in Qualcomm components, while one is a remote code execution bug in Android’s System component that doesn’t require user interaction to be exploited.
Update your Android device
Android users should see a notification to install these security updates as soon as they become available. This month’s patches apply to AOSP versions 13, 14, 15, and 16 and are dated 2025-09-01 and 2025-09-05. (If you install the latter, you’ll fix all identified bugs.)
Note that Google issues patches for Pixel phones and the core Android Open Source Project (AOSP) code, while Samsung, Motorola, and Nokia release updates for their devices.
You can check for updates via Settings > Security & privacy > System & updates > Security update. If there’s a patch available, follow the prompts to download and install.
