New Android Security Patch Resolves 120 Vulnerabilities, Two Currently under Active Exploitation
In the ever-evolving world of technology, the latest Android security update aims to provide a much-needed boost to device security. The update, released this month, includes 120 fixes for various issues, making it the biggest release of the year for Android.
One of the most significant vulnerabilities addressed is a Remote Code Execution (RCE) flaw, tracked as CVE-2025-48539, in the System component. This vulnerability could potentially allow attackers to compromise a device without physical access.
Two other vulnerabilities, CVE-2025-38352 in the Linux kernel and CVE-2025-48543 in Android's runtime environment, have been identified for privilege escalation without user interaction. These vulnerabilities are suspected to be exploited by spyware vendors, although the attackers have yet to be identified.
The fragmented Android ecosystem, with manufacturers like Samsung and Motorola responsible for rolling out updates, often slows patch distribution. While Google's Pixel phones receive updates immediately, other manufacturers take longer. This delay leaves millions of devices exposed.
To help bridge this gap, specialized security tools like Bitdefender Mobile Security for Android can provide an additional shield. These tools can block malware, phishing attempts, and suspicious apps in real time, offering an extra layer of protection during the often long wait for manufacturers to deliver patches.
Qualcomm has recently extended its device support period to as long as eight years, providing a glimmer of hope for long-term security support. The update addresses three critical flaws in Qualcomm components, including issues affecting GPS systems, mobile data stacks, and call processors. One of the Qualcomm issues has a severity score of 9.1 out of 10.
The update also patches 10 high-severity issues in Imagination Technologies' GPU drivers. Imagination Technologies is the company behind the PowerVR graphics chips found in many Android devices.
Hong Kong's cybersecurity response team has strengthened Google's warnings, pointing to evidence of small-scale, targeted activity. Installing security patches as soon as they arrive is crucial to close the holes attackers are targeting in vulnerable systems.
However, neither Samsung nor Motorola has indicated when users can expect the patches for the new vulnerabilities. It's a reminder for Android users to stay vigilant and consider using additional security measures to protect their devices.
