Google revealed two actively exploited zero-day vulnerabilities affecting Android, part of a broader security update patching 107 issues this month. These vulnerabilities pose significant risks such as privilege escalation and information access, highlighting ongoing challenges in Android security management. #CVE-2025-48633 #CVE-2025-48572
Keypoints
- Google disclosed two zero-day vulnerabilities actively being exploited in Android devices.
- The vulnerabilities, CVE-2025-48633 and CVE-2025-48572, affect the Android framework and can lead to privilege escalation and data access.
- This monthβs security update patched a total of 107 vulnerabilities, including critical flaws affecting multiple hardware components.
- Patch levels 2025-12-01 and 2025-12-05 enable Android device manufacturers to address common vulnerabilities on different devices.
- Source code for the addressed vulnerabilities will be released to the Android Open Source Project repository this week.
Read More: https://cyberscoop.com/android-security-update-december-2025/