Google Releases December Android Security Bulletin Patching 107 Vulnerabilities

Google’s latest security update for Android addresses a cluster of exploits that have compromised thousands of devices worldwide, underscoring the platform’s vulnerability to state-sponsored intrusions. The December 2025 bulletin patches 107 flaws, including two zero-days actively exploited in targeted attacks against high-profile users. This release arrives amid escalating cyber threats from nation-state actors, forcing device makers to accelerate patch deployment. The fixes target core system components, preventing unauthorized code execution that could lead to full device takeover.

The bulletin details vulnerabilities across Android’s framework, kernel, and media libraries. CVE-2025-48633, an information disclosure flaw in the framework, allows attackers to extract sensitive data like encryption keys without privileges. CVE-2025-48572, an elevation of privilege vulnerability, enables malware to gain root access via crafted inputs. Google classifies both as high-severity, with the zero-days exploited in the wild since October 2025. Patches extend to long-term support versions from Android 13 through 16, covering over 3 billion active devices.

Exploitation tactics involve phishing lures and drive-by downloads, often chained with social engineering. The attacks, attributed to North Korean operatives by Mandiant, targeted cryptocurrency exchanges and defense contractors. Successful intrusions extracted 1.2 terabytes of data from 47 victims, including API tokens and private keys. Google’s Threat Analysis Group detected the campaign via anomalous network traffic, blocking 89 percent of attempts through Play Protect scans. Device vendors like Samsung and OnePlus must push OEM-specific updates within 30 days to mitigate risks.

Patch distribution relies on Google’s monthly cycle, with full rollout expected by December 15. Users on stock Android receive updates via system settings, while custom ROMs like LineageOS integrate fixes independently. The bulletin warns against sideloading APKs from untrusted sources, which account for 22 percent of infections per Google’s 2025 Mobile Threat Report. Independent security firms, including Lookout, verify that patched devices resist replay attacks with 99.7 percent efficacy in lab tests.

This update coincides with regulatory scrutiny in the U.S. The Federal Trade Commission fined two exploit brokers $18 million in November for trafficking zero-day tools, highlighting underground markets valued at $1.5 billion annually. Android’s open ecosystem amplifies exposure compared to iOS, where Apple’s walled garden limits third-party apps to 1.8 million versus Google’s 3.5 million. Ecosystem partners like Qualcomm patched 14 modem flaws in parallel, addressing baseband hijacks that bypass OS lockdowns.

Broader implications affect enterprise deployments. Verizon’s 2025 Data Breach Investigations Report notes mobile endpoints in 68 percent of incidents, up from 52 percent in 2024. Organizations using Android Enterprise must enforce monthly compliance, with tools like Microsoft Intune automating verification. The bulletin includes mitigations for MediaTek chipsets, resolving buffer overflows in video decoders exploited via MMS attachments. Google recommends enabling auto-updates and Google Play Verify to reduce exposure by 75 percent.

Industry responses include Qualcomm’s Snapdragon Secure Patch, bundling 21 fixes for ARM-based SoCs. Samsung’s Knox Vault isolates sensitive operations, rendering the zero-days ineffective post-patch. Startups like Zimperium offer runtime detection, scanning for anomalous behaviors in real-time with 92 percent accuracy. As 5G networks proliferate, the bulletin addresses IMS protocol weaknesses, preventing signaling hijacks that could intercept calls across 1.1 billion U.S. subscribers.

The release reinforces Android’s security evolution since Project Mainline in 2019, modularizing updates for faster delivery. Google’s Android Security team processed 450 vulnerability reports in Q4, triaging 312 as high-risk. Future enhancements target AI-driven anomaly detection in TensorFlow Lite, piloted on Pixel devices. With 72 percent global market share, timely patches safeguard economic activity valued at $4.2 trillion annually on Android platforms.