Google has released security updates to fix 120 vulnerabilities in its Android operating system, including two zero-day flaws currently being exploited. These vulnerabilities include a privilege escalation issue in the Linux Kernel and another in the Android Runtime component, both of which allow local privilege escalation without requiring additional execution privileges or user interaction. Although Google has not disclosed how these flaws are being exploited, it noted signs of limited, targeted attacks. Benoît Sevens from Google’s Threat Analysis Group identified the Linux Kernel flaw, which suggests its use in spyware attacks. The updates also address various remote code execution, privilege escalation, information disclosure, and denial-of-service vulnerabilities affecting Framework and System components. Google has provided two security patch levels, 2025-09-01 and 2025-09-05, to enable Android partners to address common vulnerabilities more swiftly. Last month, Google also resolved two actively exploited Qualcomm vulnerabilities.

