This week Google issued fixes for 107 total security vulnerabilities, including two data-analytics-id=”inline-link” href=”https://www.tomsguide.com/phones/android-phones/google-just-fixed-46-security-flaws-including-an-actively-exploited-zero-day-update-your-android-phone-now” data-mrf-recirculation=”inline-link” data-before-rewrite-localise=”https://www.tomsguide.com/phones/android-phones/google-just-fixed-46-security-flaws-including-an-actively-exploited-zero-day-update-your-android-phone-now”>zero-day flaws, with the release of its data-analytics-id=”inline-link” href=”https://source.android.com/docs/security/bulletin/2025-12-01″ target=”_blank” data-url=”https://source.android.com/docs/security/bulletin/2025-12-01″ referrerpolicy=”no-referrer-when-downgrade” data-hl-processed=”none” data-mrf-recirculation=”inline-link”>Android Security Bulletin December 2025. The two high severity bugs, which have been actively exploited in the wild, are CVE-2025-48633, which is an information disclosure bug, and CVE-2025-48572, which is an elevation of privilege issue. Another critical bug that was fixed this month is CVE-2025-48631 which is a DoS (denial-of-service) flaw in the Android Framework.
The two…
