Google Patched Two Zero-Day Vulnerabilities in Android

Google’s latest security update for Android is here, and it’s a critical one. The new update patches a staggering 120 security flaws, including, notably, two zero-day vulnerabilities.

While all security vulnerabilities are important to patch as soon as possible, zero-days are essential. A zero-day is a security vulnerability publicly disclosed or exploited before a patch is made available. As such, it gives bad actors an opportunity to exploit the vulnerability before end users have a chance to protect themselves.

The two zero-day vulnerabilities Google patched in this latest update are as follows:

• CVE-2025-38352 (CVSS score: 7.4) – A privilege escalation flaw in the Linux Kernel component 
• CVE-2025-48543 (CVSS score: N/A) – A privilege escalation flaw in the Android Runtime component

To make matters worse, Google says these flaws do not require any action on the part of the user. Luckily, the company claims the attacks are not widespread; rather, these vulnerabilities have been contained to “limited, targeted exploitation.” It’s possible bad actors have exploited these zero-days in spyware attacks, aimed at high-profile individuals, rather than general Android users.

Even if you aren’t at great risk, it’s highly recommended to update your Android devices as soon as possible. These two zero-days, plus the other 118 patches, make this a particularly important update, so make sure to protect your devices.