Google just fixed 84 Android security flaws including two actively exploited zero-days — update your phone right now
Zero-day vulnerabilities exploited in targeted attacks

If you’ve been putting off updating your Android phone, now is the time to do so as Google has released its September 2025 security update which fixes 84 vulnerabilities—including two actively exploited zero-day flaws.
As reported by BleepingComputer, Google claims these two zero-days are currently being used in limited, targeted attacks by hackers. The first zero-day (tracked as CVE-2025-38352) is an elevation of privilege flaw in the Android kernel, while the second zero-day (tracked as CVE-2025-48543) is the same type of flaw in the Android Runtime component.
CVE-2025-38352 was first discovered in the Linux kernel back in July and has since been patched. However, we’re now learning that it was actively exploited in Android, which is built on Linux. Hackers with the right skills can leverage this flaw to cause denial of service, escalate privileges and even crash Android phones that have not yet been updated.
Meanwhile, CVE-2025-48543 impacts the Android Runtime component in Google’s mobile operating system. If exploited, it could allow a malicious app to bypass Android’s sandbox restrictions to access higher-level system capabilities.
Critical security flaws
In addition to these two zero-days, Google revealed in its Android Security Bulletin for September 2025 that it also fixed four critical-severity vulnerabilities.
The first critical-severity vulnerability (tracked as CVE-2025-48539) is a remote code execution flaw in Android’s System component. An attacker on the same Wi-Fi network, in Bluetooth range or with physical access to a vulnerable phone can use it to execute arbitrary code on the device without needing additional privileges or any user interaction.
The other critical-severity flaws (tracked as CVE-2025-21450, CVE-2025-21483, and CVE-2025-27034) impact Qualcomm’s proprietary components like its Snapdragon chips which are found in many of the best Android phones. Alongside these bugs, this round of Android security updates includes fixes for 27 vulnerable Qualcomm components.
In order to patch all of the issues addressed in this security update, you’re going to want to update your Android phone to security patch level 2025-09-01 or 2025-09-05. This can be done by heading to Settings > System > Software updates > System update and then by tapping on “Check for update.”
Unfortunately though, these fixes are only for users with phones running Android 13-16. For those still on Android 12, it’s recommended that you upgrade to a newer device that still receives security updates. If you’re looking to avoid having to upgrade your phone for some time and want the latest security updates as soon as they become available, then your best bet is investing in one of Google’s own Pixel phones as they are some of the only Android devices that get seven years of operating system and security updates.
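To confirm the result of the update from a workstation, the patch level and Android version can be read over adb and compared with the values above. The script below is an added example, not part of the original article; the function names are hypothetical, the sample values are constructed, and the "partial" class relies on Android's convention that the -05 level contains every -01 fix plus additional ones, which the article does not spell out.

```sh
#!/bin/sh
# Added example: classify a device against the September 2025 patch levels.
FULL_LEVEL=20250905   # 2025-09-05 from the article, as a sortable integer
BASE_LEVEL=20250901   # 2025-09-01 from the article
MIN_RELEASE=13        # the article says fixes cover Android 13-16 only

# classify_device <security_patch YYYY-MM-DD> <android_release>
# Prints: invalid | unsupported | unpatched | partial | patched
classify_device() {
    patch=$1
    release=${2%%.*}                      # "13.0" -> "13"
    case $release in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    case $patch in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;
    esac
    level=$(printf '%s' "$patch" | sed 's/-//g')   # 2025-09-05 -> 20250905
    if [ "$release" -lt "$MIN_RELEASE" ]; then
        echo unsupported                  # will never receive these fixes
    elif [ "$level" -lt "$BASE_LEVEL" ]; then
        echo unpatched
    elif [ "$level" -lt "$FULL_LEVEL" ]; then
        echo partial                      # -01 fixes only, -05 fixes missing
    else
        echo patched
    fi
}

# Reads both properties from the single device attached over adb.
check_connected_device() {
    p=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    r=$(adb shell getprop ro.build.version.release | tr -d '\r')
    classify_device "$p" "$r"
}

# Constructed sample values so the script runs with no device attached.
for sample in "2025-09-05 16" "2025-09-01 14" "2025-08-05 15" "2025-03-01 12"; do
    set -- $sample
    printf '%s Android %s -> %s\n' "$1" "$2" "$(classify_device "$1" "$2")"
done
```

With a phone attached and USB debugging enabled, call `check_connected_device` instead of the sample loop.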
How to keep your Android phone safe from hackers
The most important thing you can do to keep your Android phone safe from hackers is to regularly update your operating system and all of the apps you have installed. However, if your phone is from a manufacturer that doesn’t put out updates that regularly, don’t worry, as there are still a number of steps you can take to secure your device and the sensitive info on it.
To stay safe when downloading new apps, you want to ensure that Google Play Protect is enabled. This free, built-in security app scans all of your existing apps and any new ones you download for malware to help keep you safe from malicious apps.
For extra protection though, you should also consider running one of the best Android antivirus apps alongside it. Not only are they updated more frequently, but many Android antivirus apps include useful extras like access to one of the best VPNs or a password manager to help protect your privacy and your credentials.
From there, it’s just a matter of being extra careful when downloading new apps, but you also want to avoid clicking on links or downloading files from unknown senders via email or text. Sideloading apps is another thing that can put you at risk, but like Apple, Google is planning to lock down Android so that you soon won’t be able to do this at all.
Whether it’s your phone, tablet or computer, installing new updates and security patches in a timely manner is the easiest way to stay safe from hackers, especially as they love to target people and devices running outdated software. I know we often consider things like screen size and storage when picking a new phone but security updates and how many years of support you get are two very important things that you should absolutely take into account when shopping for your next Android device.

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.