Google releases urgent fix for Android with two zero-day flaws exploited in attacks

Android phone – Arthur_Shevtsov/shutterstock.com

Google has released a security update for Android that fixes two zero-day vulnerabilities already exploited in limited attacks. The update, announced on December 1, 2025, affects the system framework and should be applied immediately by all users. The bulletin includes more than 100 fixes, prioritizing devices running Android versions 13 to 16. Handset manufacturers receive the source code within 48 hours for distribution.

These flaws, identified as CVE-2025-48633 and CVE-2025-48572, allow disclosure of sensitive information and privilege escalation without requiring any extra privileges. The attacks are remote and targeted, possibly linked to advanced spyware. Pixel users receive the patch first, while other OEMs follow a variable schedule.

Details of exploited vulnerabilities

CVE-2025-48633 poses a risk of data exposure in the framework, impacting recent versions of Android. This flaw allows attackers to access protected content without user interaction. Reports indicate use in specific campaigns against selected targets.

CVE-2025-48572 facilitates increased access, allowing greater control over the device after the initial breach. Both receive a high severity rating, with a CVSS score of around 7.4 for the second. Google confirms signs of active exploitation, but withholds details so as not to assist criminals.

Manufacturers must integrate the fixes into patch levels 2025-12-01 and 2025-12-05. Devices upgraded to these levels eliminate the associated risks.

Android phone – Photo: tomeqs / Shutterstock.com

Monthly update scope

The December 2025 bulletin fixes 107 flaws in total, divided among components such as the framework, system and kernel. Of these, 37 affect the framework, including a critical CVE-2025-48631 that causes remote denial of service. Another 14 touch the system, mostly concerning inadequate input validation.

Kernel patches total nine items, four of them critical in subcomponents such as Pkvm and UOMMU. Third-party updates, such as those for Qualcomm and MediaTek, address crashes in closed-source drivers. This represents the second largest number of corrections in the year, in line with Google's quarterly policy.

Devices with Google Mobile Services activate extra protections via Play Protect, which scans apps from external sources.

Impact on Pixel devices

Pixel receives the update directly via OTA, with the initial rollout on December 1, 2025. Users can check the security status under Settings > About phone > Updates.

  • Framework fixes eliminate remote DoS risks.
  • Kernel patches strengthen process isolation.
  • Functional improvements resolve instabilities reported in previous builds.

Firmware images are available on the Google developer site for custom builds. All supported models, from Pixel 6 onwards, receive the release without delays.

Distribution to other manufacturers

Samsung starts its rollout with the Galaxy A34 5G, but expansion to the entire line takes up to a month. Other OEMs, such as Motorola and Nokia, follow Google's quarterly schedule, prioritizing Q4 2025. CISA adds the CVEs to the KEV catalog within 48 hours, forcing federal agencies to update.

  • OEMs access source code via private repositories.
  • OTA updates vary by region and carrier.
  • Legacy devices may require manual sideloading.

It is recommended to avoid apps from unofficial sources until full application.

Essential preventive measures

Enable automatic updates on all Android devices to receive patches without delay. Google Play Protect monitors threats in real time, blocking suspicious downloads. Avoid clicking on unknown links, which are common in phishing attacks that exploit similar flaws.

To check, go to Settings and search for “Security patch level”. If it is dated before December 2025, force a manual search for updates. Devices without official support face greater risks and deserve evaluation for replacement.

  • Keep the system and apps updated via Play Store.
  • Use reliable VPN on public networks.
  • Perform regular backups of sensitive data.

These practices reduce exposure to targeted exploits common in espionage scenarios.
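For administrators checking a handset from a workstation instead of the Settings menu, the following shell script is an added example and is not from the article or from Google. It reads the device's `ro.build.version.security_patch` property over adb and compares it with the 2025-12-05 level named in the bulletin; it assumes adb is installed and the device is attached with USB debugging enabled.

```shell
#!/bin/sh
# Added example, not from the article: compare an Android device's security
# patch level with the December 2025 bulletin level quoted in the text.
# Assumes adb is installed and the device is attached with USB debugging on.

REQUIRED_PATCH_LEVEL="2025-12-05"   # complete patch level named in the bulletin

# patch_level_ok LEVEL
# Returns 0 when LEVEL (YYYY-MM-DD) is at or after REQUIRED_PATCH_LEVEL,
# 1 when it is older, and 2 when the string is not a patch level at all.
patch_level_ok() {
    level="$1"
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unrecognised patch level: '$level'" >&2; return 2 ;;
    esac
    # Strip the dashes so the two dates compare as plain integers (20251205).
    have=$(printf '%s' "$level" | sed 's/-//g')
    need=$(printf '%s' "$REQUIRED_PATCH_LEVEL" | sed 's/-//g')
    [ "$have" -ge "$need" ]
}

# check_device: query the attached device and report its status.
check_device() {
    # Android exposes the level in ro.build.version.security_patch;
    # tr removes the carriage return adb appends on some platforms.
    level=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    if patch_level_ok "$level"; then
        echo "OK: device patch level $level meets $REQUIRED_PATCH_LEVEL"
    else
        echo "ACTION NEEDED: patch level '$level' is older than $REQUIRED_PATCH_LEVEL; check Settings for an update"
        return 1
    fi
}

# Only talk to a device when invoked as: sh check_patch.sh --check
if [ "${1:-}" = "--check" ]; then
    check_device
fi
```

The comparison works on the date string alone, so the same function can be fed values collected by an MDM inventory export to find devices still below the required level.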

Evolution of security policies

Google adopts a quarterly model for comprehensive updates, relieving the intermediate months. December 2025 marks the peak of corrections, with a focus on zero-days. This strategy balances speed and stability, ensuring that 90% of active devices are patched within 90 days.

Kernel and third-party components receive extra attention, with four critical fixes in Qualcomm. MediaTek publishes parallel bulletins for integrated chips. The process reflects learning from past incidents, such as exploits in September 2025.

Enterprise users integrate MDM for forced distribution, minimizing windows of vulnerability.

Affected versions and compatibility

The flaws impact Android 13, 14, 15 and 16, covering the majority of devices in use. Earlier versions, like 12, are not affected but lack general support. The 2025-12-05 update resolves all 107 issues, including the kernel issues released on December 5th.

  • Android 13: Fixes for framework and system.
  • Android 14: Additional patches in drivers.
  • Android 15/16: Full integration with Play system updates.

Manufacturers test compatibility before rollout, avoiding functional regressions.