A vulnerability in Android versions 13, 14, 15 and 16, disclosed by Google in September, gives attackers a possible way to access data displayed on a screen through side-channel disclosure. Among the vulnerable components was Widevine DRM, which governs access to protected media content.
Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; create new accounts with full rights; and execute code remotely.
A security patch was quickly issued. According to source.android.com, security patch levels of 2025-09-05 or later address all of the issues. Google and other device manufacturers post information on how to perform the updates.
Reported in the wild
Google reported targeted exploitation in the wild. Details of lower-severity vulnerabilities include:
- A vulnerability in Widevine DRM.
- A vulnerability in Android Runtime, System, Kernel and Framework that could allow for elevation of privilege.
- Multiple vulnerabilities in System and Framework that could allow for information disclosure and denial of service. (CVE-2025-48524, CVE-2025-48534)
- Multiple vulnerabilities in Arm, Imagination Technologies, MediaTek and Qualcomm components.
- Multiple vulnerabilities in Qualcomm closed-source components.
Why it matters
Android 16 and three previous versions are subject to this attack. However, users of Android devices are not assured of automatic updates and, if not patched, remain vulnerable. Many consumers are unaware of these updates or of the methods for installing them, and may not even be aware that such vulnerabilities exist.
Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the exploited component, an attacker could install programs; view, change, or delete data; or create new accounts with full rights.
Google’s Android is an operating system that runs on smartphones, tablets, and watches. There is no assurance that this patch has been pushed to your device. To learn how to check a device’s security patch level, check and update your Android version.
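As an added example (not part of the original article or of Google's tooling), the shell functions below classify devices against the 2025-09-05 patch level named above. The function names and the sample inventory are constructed for illustration; `collect_from_adb` assumes devices reachable over adb that expose the `ro.build.version.release` and `ro.build.version.security_patch` properties.

```shell
# Added example: classify Android devices against the 2025-09-05 patch level.
FIXED_LEVEL="2025-09-05"   # level the article says addresses all of the issues

# classify_patch_level RELEASE PATCH_LEVEL
# Prints PATCHED, VULNERABLE, UNLISTED (release not among 13-16) or UNKNOWN.
classify_patch_level() {
    release=$1; level=$2
    # Patch levels are YYYY-MM-DD; anything else (empty, truncated) is UNKNOWN.
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;
    esac
    # Compare as integers (20250905) so the check does not rely on string ordering.
    have=$(echo "$level" | tr -d '-')
    need=$(echo "$FIXED_LEVEL" | tr -d '-')
    if [ "$have" -ge "$need" ]; then echo PATCHED; return 0; fi
    # Below the fixed level: only releases 13-16 are listed as affected.
    case ${release%%.*} in
        13|14|15|16) echo VULNERABLE ;;
        *) echo UNLISTED ;;
    esac
}

# audit_inventory: reads "serial release patch_level" lines on stdin.
audit_inventory() {
    while read -r serial release level; do
        [ -n "$serial" ] || continue
        printf '%s\t%s\t%s\t%s\n' "$serial" "$release" "${level:-none}" \
            "$(classify_patch_level "$release" "$level")"
    done
}

# collect_from_adb: builds the same inventory from devices attached over adb.
collect_from_adb() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' | while read -r s; do
        # </dev/null keeps adb from consuming the serial list on stdin.
        rel=$(adb -s "$s" shell getprop ro.build.version.release </dev/null | tr -d '\r')
        lvl=$(adb -s "$s" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        echo "$s $rel $lvl"
    done
}

# Constructed sample inventory (not real devices).
SAMPLE='emu-01 14 2025-08-05
emu-02 16 2025-09-05
emu-03 15
emu-04 12 2025-03-01'
sample_report() { echo "$SAMPLE" | audit_inventory; }
```

Run `sample_report` to see the classification on the constructed data, or `collect_from_adb | audit_inventory` against attached devices.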
Further reading
CVE-2025-48561 Detail. Posted Sept. 4, 2025, updated Sept. 26. National Institute of Standards and Technology (NIST). US Government
Android Security Bulletin – September 2025. Published Sept. 2, 2025, updated Sept. 29. source.android.com
Multiple vulnerabilities in Google Android OS could allow for remote code execution. ITS Advisory number 2025-081. Sept. 4, 2025. Office of Information Technology Services. State of New York









