Google on Monday released new security updates for Android users, warning that two of the resolved vulnerabilities have been exploited in attacks.
The exploited zero-days, tracked as CVE-2025-48633 and CVE-2025-48572, impact the platform’s Framework component and could be exploited for information disclosure or elevation of privilege, respectively.
The December 2025 Android Security Bulletin reads:
“There are indications that the following may be under limited, targeted exploitation.
CVE-2025-48633
CVE-2025-48572”
Google has refrained from sharing further information on the two security defects, except that they impact Android versions 13, 14, 15, and 16.
Given the internet giant’s phrasing, both flaws might have been exploited by a commercial spyware vendor.
The issues have been addressed in the first part of Android’s December 2025 security update, which arrives on devices as the 2025-12-01 security patch level, and which contains patches for 51 vulnerabilities in the Framework and System components.
“The most severe of these issues is a critical security vulnerability in the Framework component that could lead to remote denial of service with no additional execution privileges needed,” Google’s advisory reads.
The fresh Android update resolves a total of 107 bugs, with the second part of the update, the 2025-12-05 security patch level, containing fixes for all.
The patches also target the kernel, along with Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm components.
This month, there are no flaws addressed in Google Play system updates, and no security patches included in the Android Automotive OS and Wear OS security bulletins.
Devices running a security patch level of 2025-12-05 or later contain fixes for all vulnerabilities resolved with the December 2025 updates and previous Android patches.
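A fleet triage check based on the two patch levels described above, as an added example that is not from Google's bulletin or the original article. The inventory CSV layout, the bucket names and the sample devices are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Patch levels and affected releases as stated in the article above.
FRAMEWORK_LEVEL = date(2025, 12, 1)   # first part: Framework and System fixes
FULL_LEVEL = date(2025, 12, 5)        # second part: all December 2025 fixes
AFFECTED_RELEASES = {13, 14, 15, 16}  # releases named for the two exploited CVEs

# Constructed sample inventory (not real devices). On a device these values are
# the system properties ro.build.version.release and ro.build.version.security_patch.
SAMPLE_INVENTORY = """serial,release,security_patch
EXAMPLE-0001,15,2025-12-05
EXAMPLE-0002,14,2025-12-01
EXAMPLE-0003,13,2025-11-05
EXAMPLE-0004,16,2026-01-01
EXAMPLE-0005,12,2025-09-01
EXAMPLE-0006,14,unknown
"""

def classify(release: str, security_patch: str) -> str:
    """Map one device to a triage bucket for the December 2025 bulletin."""
    try:
        major = int(release.split(".")[0])
        level = date.fromisoformat(security_patch.strip())
    except ValueError:
        return "unknown"             # unparseable data: needs manual review
    if major not in AFFECTED_RELEASES:
        return "release-not-listed"  # the article only names Android 13 to 16
    if level >= FULL_LEVEL:
        return "fully-patched"
    if level >= FRAMEWORK_LEVEL:
        return "framework-patched"   # exploited CVEs fixed, 2025-12-05 part missing
    return "exposed"                 # predates the fix for both exploited CVEs

def triage(inventory_csv: str) -> dict:
    """Group device serials by bucket so the exposed ones can be prioritized."""
    buckets: dict = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        bucket = classify(row["release"], row["security_patch"])
        buckets.setdefault(bucket, []).append(row["serial"])
    return buckets

if __name__ == "__main__":
    for bucket, serials in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{bucket}: {', '.join(serials)}")
```

Devices in the "exposed" bucket are the ones still open to the two exploited Framework flaws; "framework-patched" devices have those fixes but lack the kernel and vendor component patches that ship with the 2025-12-05 level.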
