Find notable cyber news and cases, enriched with sources, timelines, and signals.

Android framework information disclosure and elevated-access flaws under limited targeted exploitation (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 4
2 unique sources, 2 articles

Summary

Hide ▲

Google patched CVE-2025-48633 and CVE-2025-48572, two Android framework flaws that may be under limited, targeted exploitation, leaving Android 13-16 devices exposed to information disclosure and elevated-access risk until updated. The issues were included in the December 1 Android Security Bulletin, which addressed 51 flaws immediately and queued more fixes for December 5. The vulnerabilities matter because one can disclose information without authorization and the other can raise attacker access on vulnerable devices.

Related Happenings

Google Android Developer Verifier enforcement rollout for verified app installs

Security Tool/Service
H score14 First: 22.06.2026 15:45 Last: 22.06.2026 15:45 Sources 1

About this happening: Google is **enforcing Android developer verification** on **September 30, 2026**, blocking normal installs of unverified apps on certified Android phones in **Brazil, Indonesia, S...

Android Framework code execution and privilege escalation flaw (CVE-2025-48595)

Vulnerability
H score40 First: 02.06.2026 14:10 Last: 02.06.2026 14:10 Sources 1

About this happening: Google's **June 2026 Android security patches** now cover **CVE-2025-48595**, an **actively exploited Android Framework** flaw that can lead to **code execution** and **privilege...

Android Intrusion Logging forensic logging rollout for spyware investigations

Security Tool/Service
H score11 First: 13.05.2026 09:55 Last: 13.05.2026 09:55 Sources 1

About this happening: **Android** is adding **Intrusion Logging**, an opt-in forensic feature in **Advanced Protection Mode** that preserves device and network activity for suspected spyware compromise...

Android 17 expands platform security and privacy protections

Security Tool/Service
H score15 First: 12.05.2026 20:00 Last: 12.05.2026 20:00 Sources 1

About this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...

EngageLab SDK intent redirection security flaw

Vulnerability
H score29 First: 09.04.2026 20:26 Last: 09.04.2026 20:26 Sources 1

About this happening: A **now-patched intent redirection vulnerability** in the **EngageLab SDK** could let **malicious apps** bypass the **Android security sandbox** and access private data in apps us...

Timeline

  1. 02.12.2025 13:15 2 articles · 7mo ago

    Google discloses Android zero-day vulnerabilities

    Initial Disclosure

    Google's Android Security Bulletin disclosed 107 zero-day vulnerabilities affecting Android and Android Open Source Project (AOSP), and the December 1 patch set immediately covered 51 flaws across the Android framework and system while the remaining fixes were scheduled for December 5.

    Show sources
  2. 02.12.2025 13:15 1 articles · 7mo ago

    Google flags limited targeted exploitation of Android framework CVEs

    Technical Analysis Update

    Google said CVE-2025-48633 and CVE-2025-48572 in the Android framework may be under limited, targeted exploitation; both are high-severity information disclosure issues affecting Android 13, 14, 15 and 16, with CVE-2025-48633 enabling unauthorized disclosure of information and CVE-2025-48572 enabling elevated access on vulnerable devices.

    Show sources