Google Patches 120 Android Vulnerabilities, 2 Zero-Days Fixed

Android security updates zero-day vulnerabilities critical Android flaws Google security patches mobile security
Alan V Gutnov
Alan V Gutnov

Director of Strategy

 
December 2, 2025 2 min read
Google Patches 120 Android Vulnerabilities, 2 Zero-Days Fixed

TL;DR

Google's latest Android security updates tackle critical vulnerabilities and actively exploited zero-day flaws. These patches, including the December 2025 release, address defects in the framework, system, and kernel, with sources available for partners. Staying updated is crucial for mobile security against evolving cyber threats.

Android Security Updates Address Critical Vulnerabilities

Google has released several security updates for Android, addressing a range of vulnerabilities, including actively exploited zero-day flaws. These updates are crucial for maintaining the security and integrity of Android devices.

December 2025 Security Update

Google's December 2025 security update addresses a total of 107 defects. This update includes fixes for two zero-day vulnerabilities: CVE-2025-48633 and CVE-2025-48572. These high-severity defects affect the Android framework, potentially allowing attackers to access information and escalate privileges.

The most severe vulnerability in this update, CVE-2025-48631, is a critical defect in the framework that could lead to remote denial of service without requiring additional execution privileges. The update includes two patch levels: 2025-12-01 and 2025-12-05, allowing Android partners to address common vulnerabilities on different devices.

The primary security update addresses 37 vulnerabilities in the framework and 14 in the system. Additionally, the second patch addresses nine kernel vulnerabilities, including four critical ones, along with fixes for components from Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm. Source code for these fixes will be released to the Android Open Source Project repository.

September 2025 Security Update

In September 2025, Google addressed 120 Android vulnerabilities, including two zero-day vulnerabilities that were actively exploited.

The two zero-day vulnerabilities patched in the September update are:

  • CVE-2025-38352: A privilege escalation flaw in the Linux Kernel component.
  • CVE-2025-48543: A privilege escalation flaw in the Android Runtime component.

Google noted that these vulnerabilities could lead to local escalation of privilege without requiring user interaction and indicated "limited, targeted exploitation" Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack. The update also included fixes for remote code execution, privilege escalation, information disclosure, and denial-of-service vulnerabilities affecting Framework and System components. To provide flexibility, Google released two security patch levels: 2025-09-01 and 2025-09-05 shipped.

Importance of Timely Updates

Given the increasing sophistication of cyber threats, organizations must prioritize mobile security. The Pradeo Mobile Threat Defense (MTD) solution offers continuous protection by detecting suspicious behaviors, blocking malicious applications, and providing visibility into device status.

Gopher Security specializes in AI-powered, post-quantum Zero-Trust cybersecurity architecture, providing a robust defense against evolving threats. Our platform converges networking and security across devices, apps, and environments, utilizing peer-to-peer encrypted tunnels and quantum-resistant cryptography to ensure comprehensive protection.

Staying Ahead of Cyber Threats with Gopher Security

The rise in Android vulnerabilities highlights the need for advanced security solutions. Gopher Security's platform offers a comprehensive approach to cybersecurity, ensuring that your organization remains one step ahead of cybercriminals.

Explore our services and contact us to learn how Gopher Security can protect your organization from advanced cyber threats.

Alan V Gutnov
Alan V Gutnov

Director of Strategy

 

MBA-credentialed cybersecurity expert specializing in Post-Quantum Cybersecurity solutions with proven capability to reduce attack surfaces by 90%.

Related News

AI-Driven Cybersecurity Innovations: The Future of Threat Prevention
AI agents security

AI-Driven Cybersecurity Innovations: The Future of Threat Prevention

AI agents are prime targets for cyberattacks. Discover evolving threats like prompt injection & AI-powered exploits, and learn how to fortify your defenses. Read now!

By Brandon Woo January 22, 2026 5 min read
common.read_full_article
GootLoader Malware Evades Detection Using Nested ZIP Archives
GootLoader

GootLoader Malware Evades Detection Using Nested ZIP Archives

GootLoader is back with advanced tricks, using malformed ZIPs to bypass security & target businesses. Learn how to detect and defend against this threat. Protect your assets!

By Edward Zhou January 21, 2026 3 min read
common.read_full_article
WhisperPair Vulnerability: Millions of Bluetooth Devices at Risk
WhisperPair attack

WhisperPair Vulnerability: Millions of Bluetooth Devices at Risk

Millions of Bluetooth audio devices are at risk from the WhisperPair vulnerability. Learn how attackers can eavesdrop and track your devices, and what you can do to protect yourself. Update your firmware now!

By Jim Gagnard January 20, 2026 3 min read
common.read_full_article
Tech Hiring Growth: 12-15% Increase in AI and Data Jobs by 2026
India tech job market

Tech Hiring Growth: 12-15% Increase in AI and Data Jobs by 2026

India's tech job market is set for a 12-15% surge in 2026, creating 1.25 lakh roles. Discover key sectors and skills in demand. Read more!

By Edward Zhou January 19, 2026 3 min read
common.read_full_article