Google just fixed 107 security flaws including two zero-days — update your Android phone right now

News
By published

These bugs can cause all sorts of havoc on your mobile device

Google Pixel 10 Pro XL hands-on.
(Image credit: Tom's Guide / John Velasco)

This week Google issued fixes for 107 total security vulnerabilities, including two zero-day flaws, with the release of its Android Security Bulletin December 2025. The two high severity bugs, which have been actively exploited in the wild, are CVE-2025-48633, which is an information disclosure bug, and CVE-2025-48572, which is an elevation of privilege issue. Another critical bug that was fixed this month is CVE-2025-48631 which is a DoS (denial-of-service) flaw in the Android Framework.

The two highlighted vulnerabilities affect Android versions 13 through 16, and while Google in typical fashion has not shared details about any related technical or exploitation issues, it is understood that flaws like this have previously been used by commercial spyware for targeted exploitation and focus on high-value individuals. December’s updates include 51 flaws addressed in the Android Framework and System components, and 56 bugs in the Kernel and third-party components; there are also four critical severity fixes for elevation of privilege flaws.

How to keep your Android device protected

A hand holding a phone securely logging in

(Image credit: Google)

Zero-day flaws like this are exactly the reason we encourage users to keep their operating systems and devices up-to-date. Taking advantage of Google Play Protect is a good to way to make sure your Android device can detect and block known malware and malicious apps, so ensure that this free, built-in security app is enabled and that your phone or tablet is up to date. Additionally, if you're using an older smartphone, you should absolutely consider switching to a newer device to ensure that you're able to get the most recent updates and support.

For an additional layer of security, you can use one of the best Android antivirus apps alongside Google Play Protect as they can scan your phone for malware, alert you regarding apps that could be a security risk and protect you from phishing attempts.

Although such a high number of vulnerabilities getting patched might raise concerns about Android overall, this is actually a good thing. Just like Microsoft does each month with its Patch Tuesday updates, Google releases its Android security patches every month too. However, it's up to you to install them and if you want the latest security patches as soon as they become available, you're going to want to switch to one of the search giant's own Google Pixel phones.

Google News

Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.

More from Tom's Guide

Amber Bouman
Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.