Android Hit by Live Exploits; Google Issues Massive 107-Patch Update

Google issued monthly security upgrades for the Android operating system, which included two vulnerabilities that it said had been exploited in the wild.

The patch resolves 107 security weaknesses across multiple components, including Framework, System, Kernel, and those from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison.

The two critical flaws that were exploited are CVE-2025-48633, an information disclosure vulnerability and CVE-2025-48572, an elevation of privilege susceptibility in Framework.

As is customary, Google has not disclosed any additional information on the nature of the attacks, how they were exploited, whether they were chained together or employed individually, or the scope of such attempts. It is unclear who is behind the attacks.

However, the IT behemoth recognized in its alert that there are signs that they may be subject to limited, targeted misuse.

Google also addressed a major vulnerability in the Framework component (CVE-2025-48631), which might result in remote denial-of-service (DoS) with no extra execution capabilities required.

The December security bulletin includes two patch levels, 2025-12-01 and 2025-12-05, which allow device manufacturers to address a subset of vulnerabilities that are common to all Android devices more rapidly. Users are advised to update their devices to the most recent patch level as soon as they are published.

The development comes three months after the business released remedies to address two actively exploited weaknesses in the Linux Kernel (CVE-2025-38352, CVSS score: 7.4) and Android Runtime (CVE-2025-48543, CVSS score: 7.4) that might lead to local privilege escalation.