Two Android 0-day bugs patched, plus 105 more fixes
Briefly

"The two vulnerabilities are CVE-2025-48633, an information-disclosure flaw in Android's framework component, and CVE-2025-48572, an elevation-of-privilege bug also in the framework component. Both are ranked high severity, and according to Google, both "may be under limited, targeted exploitation." Both of these - plus an additional 105 security holes - all have patches, so it's a good idea to update your Android software ASAP."
"This latest zero-day follows an emergency patch that Google issued last month for a high-severity Chrome bug that attackers have already found and exploited in the wild. That vulnerability, tracked as CVE-2025-13223, is a type confusion flaw in the V8 JavaScript engine, and it marked the seventh Chrome zero-day this year. All have since been patched. Seven bugs achieved a critical-severity rating in the Android December patch marathon."
"There are also four critical escalation-of-privilege bugs in the kernel (CVE-2025-48623, CVE-2025-48624, CVE-2025-48637, and CVE-2025-48638), plus two critical vulnerabilities (CVE-2025-47319, CVE-2025-47372) affecting Qualcomm closed-source components. According to Qualcomm's security advisory, CVE-2025-47319 can allow "information disclosure while exposing internal TA-to-TA communication APIs to HLOS." CVE-2025-47372, a critical buffer overflow flaw, occurs when a corrupted ELF image with an oversized file is read into"
Two high-severity Android framework vulnerabilities—CVE-2025-48633 (information-disclosure) and CVE-2025-48572 (elevation-of-privilege)—were exploited as zero-days before fixes were issued. Patches are available for those two and an additional 105 security flaws, and users are advised to update Android software promptly. A recent emergency Chrome patch fixed CVE-2025-13223, a V8 type-confusion zero-day, the seventh Chrome zero-day this year. Seven Android bugs received critical ratings, including CVE-2025-48631, which can cause remote denial of service. Four critical kernel escalation-of-privilege flaws and two critical Qualcomm component vulnerabilities were also addressed.
Read at Theregister