Overview
- Google and national agencies report that two severe flaws affecting Android 13 through 16 are being actively targeted, enabling device takeover or shutdown.
- Google issued fixes dated December 1 for CVE-2025-48633 and CVE-2025-48572 and a December 5 patch for additional critical issues, with Pixel devices already receiving updates.
- Rollouts for other brands depend on each manufacturer, with reports that some Samsung flagship models currently show only the December 1 level as broader distribution continues.
- CISA urged users to update by December 23 or cease using unpatched phones, and highlighted a Samsung vulnerability that could allow out-of-bounds writes leading to remote code execution.
- Users can verify protection under Settings → About phone → Android version: a security patch level of December 5, 2025 covers all known issues, while the December 1 level addresses the two most critical flaws.