Google Releases December 2025 Android Security Update
Google Releases December 2025 Android Security Update: Multiple Critical Vulnerabilities Patched, Evidence of Active Exploitation
- Linux Kernel Removes strncpy After Six Years and 362 Patches
- Linux Kernel Drops 40-Year-Old AppleTalk Protocol — AI-Generated Patch Flood Was the Last Straw
- Apple’s Native Linux Container Tool Has Arrived — But Can It Really Replace Docker?
- 60% of MD5 Password Hashes Can Be Cracked in Under an Hour with a Single GPU
- Dirty Frag: Root Access on Every Major Linux Distribution — No Patch, No Warning
Google Releases December 2025 Android Security Update: Multiple Critical Vulnerabilities Patched, Evidence of Active Exploitation
Google has released its December 2025 Android security bulletin (ASB) on December 1st, marking another quarterly major security update for the Android operating system.
The update addresses numerous vulnerabilities, including several rated as “Critical” severity, with evidence suggesting that some have already been exploited in targeted attacks.
Two-Tier Security Patch StructureAndroid’s security update system continues to use a two-tier approach, with patches released as “2025-12-01” and “2025-12-05” security levels. This structure allows device manufacturers to roll out critical fixes more quickly by addressing common vulnerabilities first, with more comprehensive patches following later.
The initial patch level resolves 37 Framework vulnerabilities and 14 System defects, while the second patch addresses nine kernel vulnerabilities along with component-specific issues from various hardware manufacturers.
Has Your iPhone or Android Phone Been Hacked?
Critical Vulnerabilities and Active Exploitation
The December 2025 update addresses a total of 107 vulnerabilities across Android’s various components. Among these, several stand out for their severity and potential impact.
The most critical flaw, CVE-2025-48631, affects the Android Framework and enables remote denial-of-service attacks without requiring additional privileges. This vulnerability poses a significant risk as attackers can exploit it without needing physical access to the device or user interaction.
More concerning is the confirmation that two high-severity flaws—CVE-2025-48633 and CVE-2025-48572—have been used in targeted attacks. Both vulnerabilities affect the Android Framework component and impact Android versions 13 through 16.
CVE-2025-48633 involves improper input validation allowing local applications to access sensitive information, while CVE-2025-48572, with a CVSS score of 7.4, enables arbitrary code execution through improper input validation. Google’s phrasing suggests both flaws may have been exploited by commercial spyware vendors, similar to previous state-sponsored surveillance campaigns.
Lost iPhone “Found” Notification Scam: How to Avoid Falling for Fake Apple Alerts
Comprehensive Security Fixes Across Components
Beyond the Framework vulnerabilities, the December update includes extensive patches for hardware-specific components:
The 2025-12-05 patch level addresses critical kernel-level vulnerabilities including CVE-2025-48623, CVE-2025-48637, and CVE-2025-48638. These local elevation of privilege vulnerabilities affect pKVM, the protected hypervisor used in Android virtualization, highlighting Google’s focus on securing advanced security features.
The update also patches vulnerabilities in components from major chipset manufacturers: 17 MediaTek vulnerabilities, 13 Unisoc component flaws, 35 Qualcomm issues (including two rated Critical), four Imagination Technologies bugs, and two Arm component defects.
How Close Are Quantum Computers to Breaking RSA-2048?
Update Deployment and User Action
Devices using the 2025-12-05 security patch level or later contain fixes for all vulnerabilities in the December bulletin and all previous patches. However, the fragmented nature of the Android ecosystem means update availability varies significantly by manufacturer and carrier.
Google Pixel devices typically receive updates within days of bulletin publication, while other manufacturers may take weeks to adapt and deploy patches for their specific hardware. Samsung has already released a maintenance update for major flagship models including patches for CVE-2025-48633, and other manufacturers are expected to follow suit.
Users should check their device’s security patch level by navigating to Settings > About Phone > Software Updates (exact path may vary by manufacturer). Given the active exploitation of two vulnerabilities, updating to the latest available security patch is critically important for all Android users.
The December 2025 bulletin represents one of the larger security updates this year, consistent with Google’s recent shift to a quarterly reporting cycle for comprehensive security information. This contrasts with October and November bulletins, which contained far fewer vulnerabilities.
As Android remains the world’s most widely deployed mobile operating system, these security updates underscore the ongoing challenge of protecting billions of devices against sophisticated threats, particularly when state-sponsored actors and commercial spyware vendors actively exploit vulnerabilities in targeted campaigns.
Google Releases December 2025 Android Security Update: Multiple Critical Vulnerabilities Patched, Evidence of Active Exploitation
Reference source:
Android Security Bulletin—December 2025
