Among them are two actively exploited bugs
- Google patched 100+ Android flaws across System, Kernel, and Framework components
- Two zero-days (CVE-2025-48633, CVE-2025-48572) exploited in spyware and surveillance campaigns
- Critical DoS bug (CVE-2025-48631) also fixed; users urged to update immediately
Earlier this week, Google released a new security update for the Android ecosystem, patching more than 100 different security flaws.
These bugs were found in various components such as System, Kernel, and Framework, and affected different manufacturers including Arm, MediaTek, and Qualcomm.
Among them are two high-severity vulnerabilities in Framework that are apparently being abused in the wild. They are tracked as CVE-2025-48633 and CVE-2025-48572, and are described as an information disclosure flaw and an elevation of privilege flaw, respectively.
State-sponsored and commercial actors
Google did not share many details about the bugs, other than the fact that they affect Android versions 13, 14, 15, and 16, and that they “may be under limited, targeted exploitation”. However, according to CyberInsider, this is standard Google phrasing for “zero-days leveraged in spyware operations or state-sponsored surveillance campaigns.”
The same publication also says that similar zero-days have been exploited in the past by commercial spyware vendors such as NSO Group, Candiru, and Intellexa.
“Elevation of privilege (EoP) vulnerabilities, like CVE-2025-48572, are particularly useful in these attacks to gain deeper access after an initial foothold, while information disclosure flaws, such as CVE-2025-48633, are often used to leak sensitive system memory or defeat sandboxing protections,” it claims.
While these two are important, they are not the only dangerous flaws on the list. Google also addressed a critical vulnerability in Framework, tracked as CVE-2025-48631, which, if abused, can result in remote denial-of-service (DoS). This bug does not require additional execution privileges to be exploited.
The fix is split into two patch levels (2025-12-01 and 2025-12-05), allowing device manufacturers to address parts of the flaws, and thus move faster. If you are an Android user and your device has prompted you to install the update, make sure to do so as soon as possible.
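For anyone managing more than one device, the two patch levels can be checked in bulk. The script below is an added example, not from Google or the original article: it classifies each device's reported security patch level against 2025-12-01 and 2025-12-05. The device ids and inventory format are constructed; on a real device the level is read from the `ro.build.version.security_patch` property.

```shell
#!/bin/sh
# Added example, not from the article: audit Android security patch levels
# against the two December 2025 bulletin levels it names.
PARTIAL_LEVEL=20251201   # 2025-12-01: part of the bulletin's fixes
FULL_LEVEL=20251205      # 2025-12-05: all of the bulletin's fixes

# classify_patch_level YYYY-MM-DD -> full | partial | outdated | invalid
classify_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;
    esac
    # ISO dates compare correctly as integers once the dashes are removed.
    n=$(printf '%s' "$1" | sed 's/-//g')
    if [ "$n" -ge "$FULL_LEVEL" ]; then echo full
    elif [ "$n" -ge "$PARTIAL_LEVEL" ]; then echo partial
    else echo outdated
    fi
}

# audit_inventory: reads "device-id patch-level" lines on stdin and prints
# every device that is not on the full patch level, with its status.
audit_inventory() {
    while read -r device level; do
        [ -n "$device" ] || continue
        status=$(classify_patch_level "$level")
        [ "$status" = full ] || printf '%s %s %s\n' "$device" "$level" "$status"
    done
}

# Constructed sample inventory (hypothetical device ids). On a real device the
# level comes from: adb shell getprop ro.build.version.security_patch
sample_inventory() {
    cat <<'EOF'
DEV-A 2025-12-05
DEV-B 2025-12-01
DEV-C 2025-11-01
DEV-D unknown
EOF
}

sample_inventory | audit_inventory
```

A device reported as `partial` has only the 2025-12-01 level and still needs the vendor's 2025-12-05 build; `invalid` means the reported value could not be parsed and the device should be checked by hand.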
Earlier this year, Google fixed two bugs in the Linux Kernel that were also exploited in the wild: CVE-2025-38352 and CVE-2025-48543.
Via The Hacker News
Sead Fadilpašić is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.