This week Google issued fixes for 107 total security vulnerabilities, including two zero-day flaws, with the release of its Android Security Bulletin December 2025. The two high severity bugs, which have been actively exploited in the wild, are CVE-2025-48633, which is an information disclosure bug, and CVE-2025-48572, which is an elevation of privilege issue. Another critical bug that was fixed this month is CVE-2025-48631 which is a DoS (denial-of-service) flaw in the Android Framework.
The two highlighted vulnerabilities affect Android versions 13 through 16, and while Google in typical fashion has not shared details about any related technical or exploitation issues, it is understood that flaws like this have previously been used by commercial spyware for targeted exploitation and focus on high-value individuals. December’s updates include 51 flaws addressed in the Android Framework and System components, and 56 bugs in the Kernel and third-party components; there are also four critical severity fixes for elevation of privilege flaws.
You may like
How to keep your Android device protected
(Image credit: Google)
Zero-day flaws like this are exactly the reason we encourage users to keep their operating systems and devices up-to-date. Taking advantage of Google Play Protect is a good to way to make sure your Android device can detect and block known malware and malicious apps, so ensure that this free, built-in security app is enabled and that your phone or tablet is up to date. Additionally, if you’re using an older smartphone, you should absolutely consider switching to a newer device to ensure that you’re able to get the most recent updates and support.
For an additional layer of security, you can use one of the best Android antivirus apps alongside Google Play Protect as they can scan your phone for malware, alert you regarding apps that could be a security risk and protect you from phishing attempts.
Although such a high number of vulnerabilities getting patched might raise concerns about Android overall, this is actually a good thing. Just like Microsoft does each month with its Patch Tuesday updates, Google releases its Android security patches every month too. However, it’s up to you to install them and if you want the latest security patches as soon as they become available, you’re going to want to switch to one of the search giant’s own Google Pixel phones.
Follow Tom’s Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.
More from Tom’s Guide
Today’s best Bitdefender Mobile Security deals
