Google Fixes 107 Android Flaws

We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details.

Google has released patches for a 107 vulnerabilities today, but cybercriminals were already exploiting two critical flaws before the fixes arrived.

The December security bulletin revealed that attackers had been conducting “limited, targeted exploitation” of framework vulnerabilities affecting billions of Android devices.

This wasn’t just another routine security update—it represents one of the most comprehensive Android patches ever released.

In Google’s bulletin, these actively exploited vulnerabilities could enable unauthorized data access and elevated device privileges without requiring any user interaction.

Revelations

The most disturbing revelations center on CVE-2025-48633 and CVE-2025-48572—two high-severity framework vulnerabilities that cybercriminals discovered and weaponized before patches became available. The ...