Skip to main content
Cyber Week Sale - Get 40% off Vantage
Get Started
SubscribeLogin
Published loading...Updated

Google Issues Critical Update For All Android Users—Attacks Confirmed

The update patches 107 vulnerabilities including two zero-days and critical kernel defects, with source code to be published to the Android Open Source Project by Wednesday.

  • Google issued December's Android security bulletin on Monday, addressing 107 vulnerabilities including two actively exploited zero-day vulnerabilities in a package with more than 100 patches.
  • Amid uneven monthly totals, December's package stands out as Google's new omnibus quarterly grouping process concentrated fixes into a large update after few reports this year.
  • Security bulletin lists CVE-2025-48631 as the most critical fix this month, while CVE-2025-48633 and CVE-2025-48572 affect Android versions 13 through 16 and a secondary patch fixes nine kernel vulnerabilities including four critical.
  • Manufacturers must integrate and release patches on their own schedules, Samsung added the December update late, so most Samsung users won't get fixes soon; users are urged to check Android OEM instructions and apply updates promptly.
  • Google said source code will be published to AOSP by Wednesday, and neither zero-day had been added to CISA’s Known Exploited Vulnerability catalog by the end of Monday.
Insights by Ground AI

15 Articles

The RegisterThe Register
Center

Two Android 0-day bugs patched, plus 105 more fixes

: Christmas comes early for attackers this year

Read Full Article
LifehackerLifehacker
Center

Google's December Security Update Fixes Two Zero-Day Exploits (and 105 Others)

The latest patch addresses two zero-day exploits.

Read Full Article
Tech RadarTech Radar
Center

107 Android flaws just got patched by Google - here's how to make sure you're up to date

Among them are two actively exploited bugs, allegedly used by state-sponsored actors.

·United Kingdom
Read Full Article
BleepingComputerBleepingComputer
Center

Google fixes two Android zero days exploited in attacks, 107 flaws

Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks.

Read Full Article
CyberScoopCyberScoop
Center

Google addresses 107 Android vulnerabilities, including two zero-days

Google disclosed two actively exploited zero-day vulnerabilities Monday, which it addressed among a total of 107 defects in the company’s monthly security update for Android devices. The zero-days — CVE-2025-48633 and CVE-2025-48572 — are both high-severity defects affecting the Android framework, which attackers can exploit to access information and escalate privileges, respectively. Google said both vulnerabilities, which had not been added to…

Read Full Article
ForbesForbes
Center

Google Issues Critical Update For All Android Users—Attacks Confirmed

Google confirms new attacks on Android phones — here’s what you do.

·United States
Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

Forbes broke the news in United States on Monday, December 1, 2025.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Google icon

Google

Android icon

Android

CISA icon

CISA

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal