Google Fixes 107 Android Vulnerabilities In Major Security Update

Android users need to be checking their devices for available updates after Google’s recent security bulletin listed 107 security flaws in the mobile operating system, which will be fixed in the security patches of 2025-12-05 or later. Two in particular are concerning, as the company has seen these vulnerabilities being actively exploited, although only in a “limited, targeted” manner.

One of the exploited flaws, labeled as CVE-2025-48633, is an information disclosure vulnerability found in the Framework component of Android. Attackers can leverage this flaw to gain access to a user’s data without needing the necessary privileges to do so. This flaw is found in Android 13, 14, 15 and 16.


The other already exploited flaw has been tagged as CVE-2025-48572, which is an elevation of privilege vulnerability that’s also found in the Framework component. A malicious actor can abuse this flaw to obtain elevated privileges, such as admin or root access, giving the attacker more control over the device. This flaw affects Android 13 and later.

It’s a bit jarring to see this many vulnerabilities being disclosed in just one security bulletin. However, the company has recently switched to providing these reports on a quarterly basis, which might explain the high count. Future reports will provide more context as to whether this initial release is an anomaly or if it’s business as usual.

To check if your device is running the latest updates, go to “Settings,” then “System,” and tap on “Software Update.” For those who are running older versions of Android, tap on “Google Play system update.” It’s worth checking for updates on older devices because Google mentions that some patches will be made available for devices running Android 10 and later.