好的,我现在需要帮用户总结一篇文章的内容,控制在100个字以内。用户给了一篇关于Google发布2025年12月Android安全公告的文章,里面提到了修复了107个漏洞,其中有2个被积极利用的高危漏洞。文章还详细介绍了这些漏洞的影响范围、严重程度以及修复情况。 首先,我需要确定文章的主要信息点:Google发布了安全公告,修复了107个漏洞,其中两个被积极利用的高危漏洞影响了多个Android版本。此外,还有其他漏洞的修复情况和一些厂商的更新。 接下来,我要将这些信息浓缩到100字以内。需要注意的是,用户要求不要以“文章内容总结”或“这篇文章”这样的开头,直接写描述即可。 我应该先提到Google发布了安全公告的时间和修复的漏洞数量。然后说明其中有2个高危漏洞被积极利用,并影响了哪些Android版本。接着可以简要提到其他修复的情况,比如框架、内核等部分的漏洞修复。最后提到设备支持范围和建议用户更新。 现在把这些整合起来: Google发布2025年12月Android安全公告,修复107个漏洞,其中两个高危漏洞CVE-2025-48633和CVE-2025-48572被积极利用于定向攻击,影响Android 13至16版本。其他漏洞涉及框架、内核及第三方组件,并提供针对不同设备的修复方案。 检查一下字数是否在100字以内,并且是否涵盖了主要信息点。 </think> Google发布2025年12月Android安全公告,修复107个漏洞,其中两个高危漏洞CVE-2025-48633和CVE-2025-48572被积极利用于定向攻击,影响Android 13至16版本。其他漏洞涉及框架、内核及第三方组件,并提供针对不同设备的修复方案。 2025-12-2 14:45:20 Author: www.bleepingcomputer.com(查看原文) 阅读量:4 收藏
Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks.
The two high-severity vulnerabilities are tracked as CVE-2025-48633 and CVE-2025-48572. They are information disclosure and elevation-of-privilege issues, respectively, affecting Android versions 13 through 16.
"There are indications that the following may be under limited, targeted exploitation," mentions the December Android bulletin.
While Google has not shared any technical or exploitation details about the flaws, similar flaws in the past were used for targeted exploitation by commercial spyware or nation-state operations targeting a small number of high-interest individuals.
Ranked by severity, the most critical vulnerability fixed this month is CVE-2025-48631, a denial-of-service (DoS) flaw in the Android Framework.
This month's updates address a total of 51 flaws on Android Framework and System components, covered by the 2025-12-01 Patch Level, and another 56 bugs in the Kernel and third-party closed-source components, covered by the 2025-12-05 Patch Level.
In what concerns the latter, there are four critical-severity fixes for elevation-of-privilege flaws in the Kernel's Pkvm and UOMMU subcomponents, and two critical fixes for Qualcomm-powered devices (CVE-2025-47319 and CVE-2025-47372).
More information about closed-source fixes can be found in Qualcomm's and MediaTek's bulletins for the December 2025 security updates.
Additionally, Samsung published its security bulletin, including ported fixes from the Google update and vendor-specific fixes.
It is important to note that the updates cover devices running Android 13 and later, but devices on Android 10 and later may receive some crucial fixes via Google Play system updates.
Also, Play Protect can detect and block documented malware and attack chains, so users of any Android version should keep the component up to date and active.
Those on older Android versions should either move to a third-party distribution that regularly incorporates Google's security fixes or switch to a newer device model for active support.
Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
如有侵权请联系:admin#unsafe.sh