- Google patched 100+ Android flaws across System, Kernel, and Framework components
- Two zero-days (CVE-2025-48633, CVE-2025-48572) exploited in spyware and surveillance campaigns
- Critical DoS bug (CVE-2025-48631) also fixed; users urged to update immediately
Earlier this week, Google released a new security update for the Android ecosystem, patching more than 100 different security flaws.
These bugs were found in various components such as System, Kernel, and Framework, and affected different manufacturers including Arm, MediaTek, and Qualcomm.
Among them are two high-severity vulnerabilities in Framework that are apparently being abused in the wild. They are tracked as CVE.2025-48633, and CVE-2025-48572, and are described as an information disclosure flaw and an elevation of privilege flaw.
State-sponsored and commercial actors
Google did not share many details about the bugs, other than the fact that they affect Android versions 13, 14, 15, 16, and they “may be under limited, targeted exploitation”. However, according to CyberInsider, this is standard Google phrasing for “zero-days leveraged in spyware operations or state-sponsored surveillance campaigns.”
The same publication also says that similar zero-days have been exploited in the past by commercial spyware vendors such as NSO Group, Candiru, and Intellexa.
“Elevation of privilege (EoP) vulnerabilities, like CVE-2025-48572, are particularly useful in these attacks to gain deeper access after an initial foothold, while information disclosure flaws, such as CVE-2025-48633, are often used to leak sensitive system memory or defeat sandboxing protections,” it claims.
While these two are important, they are not the only dangerous flaws on the list. Google also addressed a critical vulnerability in Framework, tracked as CVE-2025-48631 which, if abused, can result in remote denial-of-service (DoS). This bug does not require additional execution privileges to be exploited.
The fix is split in two levels (2025-12-01 and 2025-12-05), allowing device manufacturers to address parts of the flaws, and thus move faster. If you are an Android user, and the device prompted you to install the update, make sure to do so as soon as possible.
Earlier this year, Google fixed two bugs in the Linux Kernel that were also exploited in the wild - CVE-2025-38352, and CVE-2025-48543.
Via The Hacker News
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
