{"id":297840,"date":"2025-12-04T02:46:23","date_gmt":"2025-12-04T02:46:23","guid":{"rendered":"https:\/\/www.newsbeep.com\/uk\/297840\/"},"modified":"2025-12-04T02:46:23","modified_gmt":"2025-12-04T02:46:23","slug":"107-android-flaws-just-got-patched-by-google-heres-how-to-make-sure-youre-up-to-date","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/uk\/297840\/","title":{"rendered":"107 Android flaws just got patched by Google – here’s how to make sure you’re up to date"},"content":{"rendered":"

Google patched 100+ Android flaws across System, Kernel, and Framework componentsTwo zero-days (CVE-2025-48633, CVE-2025-48572) exploited in spyware and surveillance campaignsCritical DoS bug (CVE-2025-48631) also fixed; users urged to update immediately<\/p>\n

Earlier this week, Google<\/a> released a new security update for the Android<\/a> ecosystem, patching more than 100 different security flaws.<\/p>\n

These bugs were found in various components such as System, Kernel, and Framework, and affected different manufacturers including Arm<\/a>, MediaTek, and Qualcomm.<\/p>\n

<\/p>\n

Among them are two high-severity vulnerabilities in Framework that are apparently being abused in the wild. They are tracked as CVE.2025-48633, and CVE-2025-48572, and are described as an information disclosure flaw and an elevation of privilege flaw.<\/p>\n

Best picks for you<\/p>\n

<\/p>\n

Google did not share many details about the bugs, other than the fact that they affect Android versions 13, 14, 15, 16, and they \u201cmay be under limited, targeted exploitation\u201d. However, according to CyberInsider<\/a>, this is standard Google phrasing for \u201czero-days leveraged in spyware operations or state-sponsored surveillance campaigns.\u201d<\/p>\n

The same publication also says that similar zero-days have been exploited in the past by commercial spyware<\/a> vendors such as NSO Group, Candiru, and Intellexa.<\/p>\n

\u201cElevation of privilege (EoP) vulnerabilities, like CVE-2025-48572, are particularly useful in these attacks to gain deeper access after an initial foothold, while information disclosure flaws, such as CVE-2025-48633, are often used to leak sensitive system memory or defeat sandboxing protections,\u201d it claims.<\/p>\n

While these two are important, they are not the only dangerous flaws on the list. Google also addressed a critical vulnerability in Framework, tracked as CVE-2025-48631 which, if abused, can result in remote denial-of-service (DoS). This bug does not require additional execution privileges to be exploited.<\/p>\n

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!<\/p>\n

The fix is split in two levels (2025-12-01 and 2025-12-05), allowing device manufacturers to address parts of the flaws, and thus move faster. If you are an Android user, and the device prompted you to install the update, make sure to do so as soon as possible.<\/p>\n

Earlier this year, Google fixed two bugs in the Linux Kernel that were also exploited in the wild – CVE-2025-38352, and CVE-2025-48543.<\/p>\n

Via The Hacker News<\/a><\/p>\n

\"Best<\/p>\n

The best antivirus for all budgets<\/p>\n

Our top picks, based on real-world testing and comparisons<\/p>\n

Follow TechRadar on Google News<\/a> and add us as a preferred source<\/a> to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!<\/p>\n

And of course you can also follow TechRadar on TikTok<\/a> for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp<\/a> too.<\/p>\n