Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

New Android Security Flaws: Google Patches 107 Vulnerabilities



New Android Security Flaws: Google Patches 107 Vulnerabilities
Google has released a new monthly security update for the Android operating system, which addresses a total of 107 security flaws. The patch includes fixes for two high-severity vulnerabilities that have been exploited in the wild, including CVE-2025-48633 and CVE-2025-48572. Users are recommended to update their devices to the latest patch level as soon as possible.


  • A total of 107 security flaws were addressed in Google's latest Android monthly security update, including two high-severity vulnerabilities.
  • The CVE-2025-48633 vulnerability is an information disclosure vulnerability that could result in remote denial-of-service (DoS) attacks with no additional execution privileges needed.
  • The CVE-2025-48572 vulnerability is an elevation of privilege vulnerability that could allow attackers to gain elevated access to sensitive data on a user's device.
  • 105 other security flaws were also addressed, including vulnerabilities in various Android components.



  • Google's latest monthly security update for the Android operating system has addressed a total of 107 security flaws, including two high-severity vulnerabilities that have been exploited in the wild. The patch includes fixes for CVE-2025-48633 and CVE-2025-48572, both of which are related to the Framework component.

    The CVE-2025-48633 vulnerability is an information disclosure vulnerability that could result in remote denial-of-service (DoS) attacks with no additional execution privileges needed. This means that even if a user's device is not compromised by the attacker, they may still be affected by the attack due to the widespread use of Android devices.

    The CVE-2025-48572 vulnerability is an elevation of privilege vulnerability that could allow attackers to gain elevated access to sensitive data on a user's device. This type of vulnerability can have significant consequences for users, as it allows attackers to access and manipulate personal data without their knowledge or consent.

    In addition to these two high-severity vulnerabilities, the patch also includes fixes for 105 other security flaws spanning different components, including System, Kernel, Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison. These vulnerabilities could potentially be exploited by attackers to gain access to sensitive data on Android devices, including personal identifiable information such as location data, browsing history, and login credentials.

    The patch was released as part of Google's December 2025 security update, which includes two patch levels: 2025-12-01 and 2025-12-05. These patch levels give device manufacturers flexibility to address vulnerabilities that are similar across all Android devices more quickly.

    According to the latest news from The Hacker News, this development comes just three months after Google shipped fixes to remediate two actively exploited flaws in the Linux Kernel (CVE-2025-38352, CVSS score: 7.4) and Android Runtime (CVE-2025-48543, CVSS score: 7.4) that could lead to local privilege escalation.

    It is worth noting that Google has not released any additional details about the nature of the attacks, exploiting them, if they have been chained together or used separately, and the scale of such efforts. It's not known who is behind the attacks. However, the tech giant acknowledged in its advisory that there are indications they "may be under limited, targeted exploitation."

    To minimize the risk of attack, users are recommended to update their devices to the latest patch level as soon as the patches are released.

    In conclusion, Google's latest security update for Android includes fixes for 107 security vulnerabilities, including two high-severity vulnerabilities that have been exploited in the wild. It is essential for users to keep their devices up-to-date with the latest security patches to minimize the risk of attack.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/New-Android-Security-Flaws-Google-Patches-107-Vulnerabilities-ehn.shtml

  • https://thehackernews.com/2025/12/google-patches-107-android-flaws.html

  • https://nvd.nist.gov/vuln/detail/CVE-2025-48633

  • https://www.cvedetails.com/cve/CVE-2025-48633/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-48572

  • https://www.cvedetails.com/cve/CVE-2025-48572/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-38352

  • https://www.cvedetails.com/cve/CVE-2025-38352/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-48543

  • https://www.cvedetails.com/cve/CVE-2025-48543/


    • Published: Tue Dec 2 02:15:19 2025 by llama3.2 3B Q4_K_M


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us