Google's December Security Update Fixes Two Zero-Day Exploits (and 105 Others)

In its Android Security Bulletin for December, Google is pushing an especially large number of updates to address vulnerabilities across different components—and two of the flaws may have been exploited in the wild.

The December patch covers 107 bugs across Android Kernel, System, and Framework as well as Qualcomm, MediaTek, Arm, Unisoc, and Imagination Technologies components. The high-severity vulnerabilities include denial of service, elevation of privilege, and information disclosure flaws. There are also a handful of bugs labeled as "critical."

Two active exploits

Two of the vulnerabilities addressed in the December update are zero-days, which are flaws that have been actively exploited or publicly disclosed before the developer makes a patch available. Google notes that both may be under "limited, targeted exploitation."

CVE-2025-48633 is an information disclosure vulnerability, while CVE-2025-48572 is an elevation of privilege flaw. Both affect the Android Framework in versions 13 through 16.

Google hasn't disclosed any additional information about the flaws and how they may have been exploited (or by whom). However, as Bleeping Computer reports, similar bugs have been targeted in the past by commercial spyware operations and nation-state campaigns.

Ensure your Android device is up to date

You should always install security patches as soon as they're available, so if you see a notification to update, go ahead and follow the prompts to download and install it. You can also check for updates via a path like Settings > Security & privacy > System & updates > Security update. Note that the path may differ slightly depending on your device, and you can always search "update" in Settings to locate it.

This month's patches apply to Android Open Source Project (AOSP) versions 13, 14, 15, and 16 and are dated 2025-12-01 and 2025-12-05—the latter fixes all known issues.

Pixel users (and the core AOSP code) receive patches from Google, and those on other Android devices from Huawei, LGE, Samsung, Motorola, and Nokia should see updates from their respective manufacturers around the same time.
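For anyone checking more than one device, the two patch levels above can be compared against what each device reports. The script below is an added example, not part of the original article: the function names and the sample inventory are constructed for illustration, and `device_patch_level` assumes `adb` is installed with one device attached (it reads the `ro.build.version.security_patch` system property).

```shell
#!/bin/sh
# Added example: classify Android security patch levels against the two
# December 2025 levels named in the article.

PARTIAL_LEVEL=2025-12-01   # first December patch level (from the article)
FULL_LEVEL=2025-12-05      # level that fixes all known issues (from the article)

# classify_patch_level LEVEL -> prints full | partial | outdated | invalid
classify_patch_level() {
    level=$1
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;   # missing or malformed value
    esac
    # ISO dates compare correctly as integers once the dashes are removed.
    n=$(printf '%s' "$level" | tr -d '-')
    full=$(printf '%s' "$FULL_LEVEL" | tr -d '-')
    partial=$(printf '%s' "$PARTIAL_LEVEL" | tr -d '-')
    if [ "$n" -ge "$full" ]; then echo full
    elif [ "$n" -ge "$partial" ]; then echo partial
    else echo outdated
    fi
}

# Read the patch level from an attached device (not called automatically).
device_patch_level() {
    adb shell getprop ro.build.version.security_patch | tr -d '\r'
}

# audit_inventory: reads "device level" lines on stdin and prints every
# device that is not at the full level, with its classification.
audit_inventory() {
    while read -r device level; do
        [ -n "$device" ] || continue
        status=$(classify_patch_level "$level")
        if [ "$status" != full ]; then
            echo "$device $status"
        fi
    done
}

# Constructed sample inventory (hypothetical device names).
sample_inventory() {
    cat <<'EOF'
pixel-lab-01 2025-12-05
tablet-qa-02 2025-12-01
kiosk-03 2025-09-05
handset-04 unknown
EOF
}

sample_inventory | audit_inventory
```

On a single attached device, `classify_patch_level "$(device_patch_level)"` gives the same classification.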
