Patchday: Critical malware vulnerability threatens Android 16
Important security updates close several vulnerabilities in the Android mobile operating system.
(Image: heise online)
If you have an Android device that is currently being supported, you should ensure that the latest security updates are installed. Otherwise, attackers have several points of attack.
Several gaps closed
In a current warning message, Google lists the vulnerabilities closed with the patch levels 2015-08-01 and 2025-08-05. The most dangerous is a vulnerability classified as “critical” (CVE-2025-48530) in the system, which only affects Android 16.
At this point, the developers write that attackers can exploit the vulnerability without additional user rights. No interaction for the victim is necessary for a successful attack. However, according to the description, malicious code can only be executed remotely in combination with other bugs. It is not yet clear exactly what this means and how such an attack could take place.
If attackers exploit two vulnerabilities (CVE-2025-23331 “high”, CVE-2025-48533 “high”) in the framework, they can gain higher user rights. Other vulnerabilities impact various Arm and Qualcomm components. Attacks in the context of the Mali GPU and the display are conceivable here. It is currently not clear from the warning message what impact such attacks could have.
Videos by heise
Some devices remain vulnerable
Google's developers state that the source code for the security patches is available in the Android Open-Source Project (AOSP). Unfortunately, only selected devices will benefit from the updates, which must also still be in support. In addition to Google, LG, and Samsung also publish monthly security patches. Further information can be found in the box next to this message.
(des)
