Ethical Hacking News
Google's latest Android security update addresses two actively exploited flaws in the Framework component, as well as several critical vulnerabilities in the kernel and closed-source components. This update is a must-have for all Android users to protect their devices from exploitation.
Google has released a security update that fixes 107 vulnerabilities across multiple components of the Android operating system. The update addresses two actively exploited high-severity vulnerabilities in the Framework component: an elevation of privilege vulnerability (CVE-2025-48572) and an information disclosure vulnerability (CVE-2025-48633). Additional critical vulnerabilities in the kernel component and Qualcomm's closed-source components have also been addressed. Exploiting these vulnerabilities could potentially allow attackers to access sensitive data or gain elevated privileges on a device. Users are urged to keep their devices up to date with the latest security patches to protect against exploitation of these vulnerabilities.
Android users, beware! The latest security update from Google has fixed 107 vulnerabilities across multiple components of the Android operating system. This update is particularly noteworthy as it addresses two vulnerabilities that have been actively exploited in the wild. These exploits pose significant risks to device security and user privacy.
The first vulnerability, identified as CVE-2025-48572, is a high-severity elevation of privilege vulnerability in the Framework component. This means that an attacker could potentially exploit this vulnerability to gain elevated privileges on a device, allowing them to access sensitive data or perform malicious actions without being detected.
The second vulnerability, identified as CVE-2025-48633, is a high-severity information disclosure vulnerability, also in the Framework component. This vulnerability allows attackers to leak sensitive information about the device, including its kernel and other components, which could be used for further exploitation.
Google's update addresses these two vulnerabilities by providing a patch that fixes the issues and reduces the risk of exploitation. However, it is worth noting that Google did not provide technical details about the attacks exploiting these vulnerabilities, likely due to concerns about revealing sensitive information that could be used by attackers.
In addition to addressing these two high-severity vulnerabilities, the update also addresses several critical vulnerabilities in the kernel component. These vulnerabilities, identified as CVE-2025-48623 and CVE-2025-48637, are related to issues with device memory management (DMEM) and kernel privileges. Exploiting these vulnerabilities could potentially allow attackers to access sensitive data or gain elevated privileges on a device.
Qualcomm's closed-source components also received attention in this update, with several critical vulnerabilities addressed. These vulnerabilities include CVE-2025-47319 and CVE-2025-47372, which relate to issues with device kernel management and privilege escalation.
The most severe of these vulnerabilities is the critical security vulnerability in the Framework component (CVE-2025-48572). According to Google's advisory, this vulnerability could lead to a remote denial of service on a device, with no additional execution privileges needed. This means that an attacker could potentially exploit this vulnerability to disrupt a device without needing physical access or administrative privileges.
In light of these updates, it is essential for Android users to keep their devices up-to-date and install the latest security patches as soon as they become available. This will help protect against exploitation of these vulnerabilities and reduce the risk of device compromise.
The cyber threat landscape continues to evolve, with new vulnerabilities and exploits emerging all the time. As a result, it is crucial for individuals and organizations to stay informed about the latest security updates and best practices for protecting themselves against cyber threats.
Published: Tue Dec 2 04:48:18 2025 by llama3.2 3B Q4_K_M