CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Mobile & Wireless·Vulnerabilities

Android Zero-Days Patched in December 2025 Security Update

Google warns that two out of the 107 vulnerabilities patched in Android this month have been exploited in limited, targeted attacks. The post Android Zero-Days Patched in December 2025 Security Update appeared first on SecurityWeek.

Android vulnerability

Google on Monday released new security updates for Android users, warning that two of the resolved vulnerabilities have been exploited in attacks.

The exploited zero-days, tracked as CVE-2025-48633 and CVE-2025-48572, impact the platform’s Framework component and could be exploited for information disclosure or elevation of privilege, respectively.

The December 2025 Android Security Bulletin reads:

“There are indications that the following may be under limited, targeted exploitation.

CVE-2025-48633

CVE-2025-48572”

Google has refrained from sharing additional information on the two security defects, except that they impact Android versions 13, 14, 15, and 16.

Given the internet giant’s phrasing, both flaws might have been exploited by a commercial spyware vendor.

The issues were addressed in the first part of Android’s December 2025 security update, which arrives on devices as the 2025-12-01 security patch level, and which contains patches for 51 vulnerabilities in the Framework and System components.

“The most severe of these issues is a critical security vulnerability in the Framework component that could lead to remote denial of service with no additional execution privileges needed,” Google’s advisory reads.

The fresh Android update resolves a total of 107 bugs, with the second part of the update, the 2025-12-05 security patch level, containing fixes for all.

The patches also target the kernel, along with Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm components.

This month, there are no flaws addressed in Google Play system updates, and no security patches included in the Android Automotive OS and Wear OS security bulletins.

Devices running a security patch level of 2025-12-05 or later contain fixes for all vulnerabilities resolved with the December 2025 updates and previous Android patches.

Related: Android Update Patches Critical Remote Code Execution Flaw

Related: New Albiriox Android Malware Developed by Russian Cybercriminals

Related: Landfall Android Spyware Targeted Samsung Phones via Zero-Day

Related: Samsung Patches Zero-Day Exploited Against Android Users

Latest News

CYBERNEWSMEDIAPublisher