Patch Tuesday is next week, but Android is ahead of the game, dropping its biggest patch bundle this year while attackers actively exploit two of the now-fixed flaws.

This month, the world's most popular mobile operating system pushed out 120 patches, its biggest monthly dump this year. It's a far cry from July, when Android didn't issue a single patch as everything was apparently fine, but in September, two of the flaws may be under "limited, targeted exploitation."

The two biggest concerns are CVE-2025-38352 , a high-severity problem with the Linux kernel at the heart of the operating system, and CVE-2025-48543 , a high-severity issue with Android's runtime environment hosting apps. An attacker can escalate local privileges with both flaws, without even requiring user interaction.

Goo

See Full Page