Security News Google addresses 107 Android vulnerabilities, including two zero-days

[Miravi]

Content source

https://cyberscoop.com/android-security-update-december-2025/

Google disclosed two actively exploited zero-day vulnerabilities Monday, which it addressed among a total of 107 defects in the company’s monthly security update for Android devices.

The zero-days — CVE-2025-48633 and CVE-2025-48572 — are both high-severity defects affecting the Android framework, which attackers can exploit to access information and escalate privileges, respectively. Google said both vulnerabilities, which had not been added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog as of Monday afternoon, may be under limited, targeted exploitation.

Google’s public vulnerability disclosure and reporting program for Android has been uneven this year. While the company typically issues dozens of security patches each month, Google reported no vulnerabilities in July and October, just six in August and two vulnerabilities in November.

Google did not respond to questions about the occasional lulls in vulnerability disclosure and hasn’t described any changes to its process that might explain the lower numbers in some months this year.

The company’s latest security update contains the second-highest number of vulnerabilities patched so far this year, followed by the 120 defects it addressed in September.

Google addresses 107 Android vulnerabilities, including two zero-days

The company’s latest security update contains the second-highest number of defects patched so far this year.

cyberscoop.com

 

[Divine_Barakah]

I'm still on September security Patch.

Nothing Phone 2

 

[Zero Knowledge]

Really if your on Android you probably need a Pixel of some sort for quick and prompt firmware updates. Samsung comes close but the rest are

 

[Divine_Barakah]

I've just received a 3.6 GB update! I'm not sure if this a new Android version or just the security Patch.