![\"Google](\"https:\/\/www.europesays.com\/uk\/wp-content\/uploads\/2025\/09\/1757193073_815_960x0.jpg\")
<\/p>\n<\/p>\n
Do you need a new phone?<\/p>\n
getty<\/p>\n
Republished on September 6 with a new update deadline for government staff following Google\u2019s confirmation that attacks on Android phones are now underway.<\/p>\n
Google has issued a critical warning<\/a> for all Android users, confirming that two separate vulnerabilities have been exploited in the wild. Such is the seriousness of its security update this month, that Google will quickly fix all eligible Pixel devices<\/a>.<\/p>\n The two high-severity vulnerabilities that have been exploited \u2014 CVE-2025-38352 and CVE-2025-48543 \u2014 affect the Android Kernel and Android Runtime respectively. As ever, Google has not issued any material detail at this early stage.<\/p>\n Forbes250 Million Personal Identities Exposed In \u2018Massive Data Leak\u2019By Zak Doffman<\/a><\/p>\n There are also four other critical fixes \u2014 CVE-2025-48539, CVE-2025-21450, CVE-2025-21483 and CVE-2025-27034. The first is an Android System issue, whilst the other three relate to Qualcomm<\/a> chipsets and the release of manufacturer fixes.<\/p>\n Google says CVE-2025-48543 and CVE-2025-38352 are deeply concerning, and both \u201ccould lead to local escalation of privilege with no additional execution privileges needed.” More alarmingly, “user interaction is not needed for exploitation.\u201d<\/p>\n Whilst Pixels will be updated immediately, other OEMs will receive code patches \u201cin the next 48 hours\u201d and will need to update their own monthly bulletins and firmware releases. You can expect the usual deployment schedule over the coming weeks.<\/p>\n A timely reminder that only devices still eligible for monthly security updates will receive these fixes. Upwards of a billion Android phones<\/a> are no longer on any form of support contract, and many are running versions of Android that can\u2019t be updated.<\/p>\n Android update eligibility<\/p>\n EndOfLife<\/p>\n This is exactly why owners of these older devices are urged to upgrade their phones if they can\u2019t update their software. Until you do, your data and your device are at risk.<\/p>\n As Zimperium<\/a> warns, \u201ca significant percentage (25.3%) of devices are not upgradeable due to the device\u2019s age.\u201d And delayed updates makes that problem worse. \u201cAt any given point in the year, over 50% of mobile devices are running outdated OS versions, and a significant number are compromised or infected.”<\/p>\n America\u2019s cyber defense agency added both Android security threats to its Known Exploited Vulnerability (KEV<\/a>) catalog on September 4. Federal staff have until September 25 to update or stop using their Android devices. Clearly, in the unlikely event any devices that can\u2019t be updated are still in use by federal agency staff, those will need to be upgraded to new hardware by the deadline date.<\/p>\n