Google’s September update fixes over 80 security gaps, including two actively used zero-day weak points and critical Samsung security problems. Affected users should update immediately.
The days of undisturbed Android use are over for the time being. With the September Security Update, Google has published one of the most extensive patch collections of the year-over 80 weaknesses have been closed, including two already active zero-day gaps.
The update comes at the right time: The US cyber security authority CISA has already included both zero-days in their catalog of well-known threats. Federal authorities have to patch by September 25th – a clear signal to the entire industry.
Two zero-days in the sights of attackers
Table of Contents
The two weak points are particularly explosive CVE-2025-38352 and CVE-2025-48543that are already used in targeted attacks. Both enable attackers without obtaining extended system rights without gaining any user interaction.
The first gap is in the Linux kernel and was discovered by Google’s in-house Threat Analysis Group-the unit that normally examines state-funded cyber attacks. This indicates highly professional attackers.
The second weak point concerns Android’s duration environment. A prepared app can break out of your security sandbox and compromise the entire system. Exactly the scenario, warning of the security expert for years.
Samsung under fire: critical image processing gap
At the same time, Samsung pushes with an emergency patch. The weak point CVE-2025-21043 In a proprietary image processing library, attackers enable the complete device takeover-simply by processing a manipulated image.
The security teams of Meta and WhatsApp discovered the gap on August 13th. The timing suggests: messaging apps were the focus of the attackers. Samsung officially confirmed that exploits were already in circulation.
Samsung devices with Android 13, 14, 15 and 16. Users should immediately install the September update.
Display: Messaging apps were the focus of the attackers-all the more important are their own protective measures in addition to quick updates. Many Android users overlook 5 simple steps that make WhatsApp, online banking and PayPal noticeably safer-without any expensive additional apps. A free guide leads you step by step through the most important settings and checks against data theft and malware. Now download the free security package for Android
Critical remote access weak spots closed
But that’s not all: CVE-2025-48539 enables the remote version of code via Bluetooth or WLAN – without any user interaction. Such “worms” bugs are particularly dangerous because they can theoretically automatically spread between devices.
Qualcomm chips are particularly affected. Three critical gaps were closed, including CVE-2025-21483 In the data network stack and CVE-2025-27034 in the call processor. Both could be used via manipulated network packages.
Update strategy: Two patch levels for quick distribution
Google divides the update into two stages: 2025-09-01 Fixed the core android gaps while 2025-09-05 also covers kernel and manufacturer components. This strategy is intended to help manufacturers distribute critical fixes faster.
The procedure shows the complexity of the Android ecosystem: While Google provides the code, hundreds of device manufacturers have to integrate, test and deliver the patches into their individual Android variants.
Update immediately – but how?
Android users should search for available updates under “Settings> System> System update”. Devices with patch level 2025-09-05 are protected against all known threats.
Display: Updates are the most important protection – but not the only one. If your manufacturer dawdles, you can still clearly harden your smartphone: the free guide shows the 5 most effective measures with which you can better protect data, chats and accounts immediately. Including step -for -step instructions for tested apps, automatic tests and critical system settings. Request free Android security guidelines
But the big one: When the update is actually available, manufacturers and mobile operators decide. This fragmentation remains Android’s greatest security weakness – while the threats have long been real.
