Google fixes two Android zero days exploited in attacks, 107 flaws
Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks.
The two high-severity vulnerabilities are tracked as CVE-2025-48633 and CVE-2025-48572. They are information disclosure and elevation-of-privilege issues, respectively, affecting Android versions 13 through 16.
While Google has not shared any technical or exploitation details about the flaws, similar flaws in the past were used for targeted exploitation by commercial spyware or nation-state operations targeting a small number of high-interest individuals.
To read the complete article see: Google fixes two Android zero days exploited in attacks, 107 flaws
This post is licensed under CC BY 4.0 by the author.