Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
This week Google issued fixes for 107 total security vulnerabilities, including two zero-day flaws, with the release of its Android Security Bulletin December 2025. The two high severity bugs, which have been actively exploited in the wild, are CVE-2025-48633, which is an information disclosure bug, and CVE-2025-48572, which is an elevation of privilege issue. Another critical bug that was fixed this month is CVE-2025-48631 which is a DoS (denial-of-service) flaw in the Android Framework.
The two highlighted vulnerabilities affect Android versions 13 through 16, and while Google in typical fashion has not shared details about any related technical or exploitation issues, it is understood that flaws like this have previously been used by commercial spyware for targeted exploitation and focus on high-value individuals. December’s updates include 51 flaws addressed in the Android Framework and System components, and 56 bugs in the Kernel and third-party components; there are also four critical severity fixes for elevation of privilege flaws.
How to keep your Android device protected
Zero-day flaws like this are exactly the reason we encourage users to keep their operating systems and devices up-to-date. Taking advantage of Google Play Protect is a good to way to make sure your Android device can detect and block known malware and malicious apps, so ensure that this free, built-in security app is enabled and that your phone or tablet is up to date. Additionally, if you're using an older smartphone, you should absolutely consider switching to a newer device to ensure that you're able to get the most recent updates and support.
For an additional layer of security, you can use one of the best Android antivirus apps alongside Google Play Protect as they can scan your phone for malware, alert you regarding apps that could be a security risk and protect you from phishing attempts.
Although such a high number of vulnerabilities getting patched might raise concerns about Android overall, this is actually a good thing. Just like Microsoft does each month with its Patch Tuesday updates, Google releases its Android security patches every month too. However, it's up to you to install them and if you want the latest security patches as soon as they become available, you're going to want to switch to one of the search giant's own Google Pixel phones.
Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.
More from Tom's Guide
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
