Patchday: Critical malware vulnerability threatens Android 15 and 16

Devices with Android 13, 14, 15 and 16 are vulnerable. Attackers can exploit various vulnerabilities to completely compromise smartphones and tablets in the worst-case scenario. So far, there are no reports that attacks are already underway. Security patches are available to download for selected devices.

Effects of attacks

In a warning message, the Android developers classify a "critical" vulnerability (CVE-2025-48539) in the system as the most dangerous. This affects Android 15 and 16. According to the brief description of the vulnerability, remote attacks should be possible without additional execution authorizations and without the intervention of victims. The developers have also closed other vulnerabilities in system components. If attacks are successful at these points, attackers can primarily gain higher user rights. However, data can also be leaked or services can crash (DoS). The vulnerabilities are classified as "high" threat level.

Vulnerabilities with such effects also affect the framework. How attacks can actually take place in these cases is currently not clear from the warning message. Another vulnerability (CVE-2025-32332 "high") affects the DRM component Widevine. The developers have also closed gaps in the kernel and various components from Arm, Imagination, MediaTek and Qualcomm. In this context, attacks on the modem and WLAN components are possible, for example.

Security patches

The developers assure us that they have closed the gaps in patch levels 2025-09-01 and 2025-09-05. The security updates are available for Google Pixel devices that are still in support (see box). Samsung and Huawei, among others, also provide monthly updates for selected devices for download.

(des)