Follow ZDNET: Add us as a preferred source on Google.
ZDNET’s key takeaways
- Google has rolled out its December security update.
- The update patches 107 security vulnerabilities.
- Two of the security flaws may have already been exploited.
Constantly keeping all your hardware and software updated can be a major pain in the neck. But there are some updates you shouldn’t ignore if you want to protect yourself from active security threats. That’s certainly the case with the latest Android update from Google.
December 2025 Android Security Bulletin
Released on Monday, the December 2025 Android Security Bulletin squashes a whopping 107 security bugs. Impacting all versions of Android from 13 through 16, most of the vulnerabilities have been assessed as High severity, with some ranked as Moderate. But several are considered Critical, which means they’re particularly nasty.
Also: Google just gave Android users several compelling reasons to stay (including this scam tool)
Four of the critical flaws affect the core Android kernel. An attacker who exploited any of these could obtain higher privileges or access to an infected device, allowing them to take control of it. Another critical flaw affects the Android Framework, which lets apps interface with key system services. Here, someone could execute a remote denial of service attack to prevent you from using your device properly.
But some of the flaws rated as High also pose serious threats. Among these, two may have already been exploited in targeted attacks, according to Google and CISA (Cybersecurity and Infrastructure Security Agency), which maintains a catalog of known vulnerabilities. In its own news release, CISA referred to these types of security bugs as a frequent attack vector for cybercriminals.
Also: How to clear your Android phone cache (and say goodbye to slow performance)
One such flaw, tracked as CVE-2025-48572, is described as an Android Framework privilege escalation vulnerability. In this case, an attacker could exploit the flaw to modify system settings, steal data, or control the device.
Another flaw known as CVE-2025-48633 is defined as an Android Framework information disclosure vulnerability. Also a weakness in the Android Framework, this one could allow an attacker to grab potentially private or sensitive information from the device.
CISA’s advisory is aimed at the federal government. However, the agency is also urging all organizations to reduce their exposure to cyberattacks by installing the latest update and patches.
How to update your Android
With all this in mind, how do you update your Android device? That process can vary depending on the manufacturer and model, as well as the version of the OS.
Also: Own an Android phone? 12 settings I changed to greatly extend its battery life
Your best bet is to go to Settings and search for Updates. You should find a setting for Security Update. Select that to check for updates. If one pops up, give it the OK to install. After your device restarts, the necessary patches and fixes will be in place.
Security
Editorial standards
Comments are closed.