Google Patches Actively Exploited Android Security Flaws

Summary
– Google has patched 51 Android vulnerabilities, including two high-severity flaws in the Android Framework that may be under limited, targeted exploitation.
– The two critical vulnerabilities, CVE-2025-48633 and CVE-2025-48572, can allow access to sensitive information and privilege escalation, respectively.
– The attacks exploiting these flaws may involve state-sponsored actors or espionage, though specific details are not public.
– Patches are available for Android versions 13 through 16, with device manufacturers like Samsung and Motorola already issuing updates for some models.
– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these two vulnerabilities to its Known Exploited Vulnerabilities catalog.
Google has released a comprehensive security update addressing over fifty vulnerabilities within the Android operating system. This monthly patch includes fixes for two particularly concerning high-severity flaws that evidence suggests are already being used in limited, targeted attacks. The company’s security bulletin confirms these issues reside in the Android Framework, the essential collection of libraries and tools used to build applications for the platform.
While Google typically withholds specific technical details to prevent wider exploitation, the advisory clarifies the potential impact. The first vulnerability, tracked as CVE-2025-48633, could allow a malicious application to access sensitive information stored on a device. The second, identified as CVE-2025-48572, might enable an attacker to gain elevated system privileges. Such wording in Google’s bulletins usually indicates threats associated with sophisticated actors, potentially involving state-sponsored espionage or commercial spyware.
Beyond these two critical framework flaws, the update resolves an additional 56 security weaknesses. These affect various core components, including the Android kernel and hardware-specific code from major chipset providers like Qualcomm, MediaTek, and ARM. Patches for these issues are bundled into the December 5 security patch level. Google maintains this dual-patch system to give its manufacturing partners flexibility in deploying the most urgent fixes across all device models more rapidly.
The initial set of patches, dated December 1, is available for devices running Android versions 13 through 16. However, end-users do not receive updates directly from Google. Instead, individual device manufacturers and mobile carriers are responsible for developing, testing, and distributing the tailored security updates to their products. This process usually takes several weeks following Google’s bulletin publication.
Several major vendors have already begun rolling out updates. Samsung has issued a maintenance release for its flagship models that incorporates both Google’s framework patches and its own proprietary fixes. Motorola has also confirmed it has addressed the critical CVE-2025-48633 vulnerability in its December update cycle. Other prominent manufacturers, including Huawei, LG, Nokia, and Oppo, are expected to follow suit and release their security patches in the near future.
The urgency of applying these updates was underscored when the U.S. Cybersecurity and Infrastructure Security Agency (CISA) formally added both actively exploited Android flaws to its Known Exploited Vulnerabilities catalog. This directive requires federal agencies to patch the issues, highlighting the serious risk they pose. All Android users are strongly encouraged to proactively check their device’s system settings for available software updates and install them immediately to protect their devices and data.
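The article ends by advising users to check for updates. For fleet administrators, the reliable check is the security patch level the device itself reports, which is an ISO date that can be compared directly against the two December levels the bulletin describes (December 1 for the Android Framework fixes, December 5 for the kernel and chipset fixes). The script below is an added example, not code from the article, from Google or from HelpNet Security; it classifies a patch-level string and, in its optional `--device` mode, assumes `adb` is installed and an authorised device is attached so it can read the standard `ro.build.version.security_patch` property.

```shell
#!/bin/sh
# Added example (not from the article): classify an Android security patch
# level against the two December 2025 patch levels described in the bulletin.
# The --device mode assumes adb is installed and a device is authorised.

FRAMEWORK_LEVEL="2025-12-01"   # first patch level: Android Framework CVEs
FULL_LEVEL="2025-12-05"        # second patch level: kernel and chipset fixes

# Convert YYYY-MM-DD to an integer (20251201) so it can be compared with a
# POSIX arithmetic test. Prints nothing and returns 1 on a malformed value.
patch_level_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
            printf '%s\n' "$1" | sed 's/-//g'
            ;;
        *)
            return 1
            ;;
    esac
}

# Returns 0 when $1 (observed level) is at or beyond $2 (required level).
patch_level_ok() {
    obs=$(patch_level_to_int "$1") || return 1
    req=$(patch_level_to_int "$2") || return 1
    [ "$obs" -ge "$req" ]
}

# Print one word summarising what the observed level covers:
#   full       - both December patch levels applied
#   framework  - framework CVEs fixed, kernel/vendor fixes still pending
#   unpatched  - neither December level reached
#   invalid    - property value is not a YYYY-MM-DD date
assess_patch_level() {
    if ! patch_level_to_int "$1" >/dev/null; then
        echo invalid
    elif patch_level_ok "$1" "$FULL_LEVEL"; then
        echo full
    elif patch_level_ok "$1" "$FRAMEWORK_LEVEL"; then
        echo framework
    else
        echo unpatched
    fi
}

# Read the live value from a connected device (assumes adb is available).
device_patch_level() {
    adb shell getprop ro.build.version.security_patch | tr -d '\r'
}

if [ "${1:-}" = "--device" ]; then
    level=$(device_patch_level)
    printf 'device reports %s -> %s\n' "$level" "$(assess_patch_level "$level")"
fi
```

Run it with `--device` against an attached phone; a result of `framework` means the two actively exploited Framework flaws are covered but the kernel and vendor fixes from the December 5 level are still outstanding. Dates are compared as integers after stripping the hyphens rather than with the non-portable `<` string test, so the script behaves the same under dash and bash.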
(Source: HelpNet Security)