- Google has fixed more than 100 Android bugs across system, kernel and framework components
- Two zero-days (CVE-2025-48633, CVE-2025-48572) exploited in spyware and surveillance campaigns
- Critical DoS bug (CVE-2025-48631) was also fixed; users are encouraged to update immediately
Earlier this week, Google released a new security update to the Android ecosystem that fixes more than 100 different security flaws.
These bugs were found in various components such as System, Kernel and Framework, and affected various manufacturers including Arm, MediaTek and Qualcomm.
Among them are two serious vulnerabilities in the Framework that are apparently being exploited in the wild. They are tracked as CVE-2025-48633 and CVE-2025-48572 and are described as an information disclosure flaw and an elevation of privilege flaw, respectively.
Google didn’t share many details about the bugs, other than the fact that they affect Android versions 13, 14, 15 and 16, and that they “may be under limited, targeted exploitation.” However, according to CyberInsider, this is standard Google phrasing for “zero days exploited in spyware operations or state-sponsored surveillance campaigns.”
The same publication also says that similar zero-days have been exploited in the past by commercial spyware vendors such as NSO Group, Candiru and Intellexa.
“Elevation of privilege (EoP) vulnerabilities, such as CVE-2025-48572, are particularly useful in these attacks to gain deeper access after an initial foothold, while information flaws, such as CVE-2025-48633, are often used to leak sensitive system memory or defeat sandbox protections.”
While these two are important, they are not the only dangerous flaws on the list. Google also addressed a critical vulnerability in the Framework, tracked as CVE-2025-48631, which, if exploited, could result in remote denial-of-service (DoS). This bug does not require additional execution privileges to be exploited.
The update is split into two patch levels (2025-12-01 and 2025-12-05), which allows device manufacturers to fix a subset of the bugs first and thus move faster. If you are an Android user and your device prompts you to install the update, do so as soon as possible.
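To check where a device or a fleet stands against those two patch levels, the following added example (not from Google or the original article) classifies a security patch level string and audits a small inventory. The function names and the inventory are constructed for illustration; on a real device the string comes from the `ro.build.version.security_patch` system property.

```shell
#!/bin/sh
# Added example: classify Android security patch levels against the two
# levels named in the article. Function names and sample data are constructed.
# On a real device the value comes from:
#   adb shell getprop ro.build.version.security_patch

PARTIAL_LEVEL=20251201   # 2025-12-01
FULL_LEVEL=20251205      # 2025-12-05

# Prints full | partial | missing | invalid for a YYYY-MM-DD string.
classify_patch_level() {
    # adb output can carry a trailing carriage return; drop it first
    level=$(printf '%s' "$1" | tr -d '\r')
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;
    esac
    # ISO dates order correctly as integers once the dashes are removed
    n=$(printf '%s' "$level" | tr -d '-')
    if [ "$n" -ge "$FULL_LEVEL" ]; then
        echo full
    elif [ "$n" -ge "$PARTIAL_LEVEL" ]; then
        echo partial
    else
        echo missing
    fi
}

# Reads "serial patch-level" lines on stdin, lists devices below 2025-12-05.
audit_inventory() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        status=$(classify_patch_level "$level")
        [ "$status" = full ] || echo "$serial ${level:-none} $status"
    done
}

# Constructed inventory, not real devices.
SAMPLE_INVENTORY='emulator-5554 2025-12-05
device-a 2025-12-01
device-b 2025-11-05
device-c unknown'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

Devices reported as `partial` carry only the 2025-12-01 level, and `invalid` entries need a manual look because the reported value is not a date.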
Earlier this year, Google fixed two bugs in the Linux kernel that were also exploited in the wild – CVE-2025-38352 and CVE-2025-48543.
Via Hacker News



