Critical Android 0-Click Vulnerability in System Component Allows Remote Code Execution Attacks

Source: Cyber Security News

Google has highlighted a severe zero-click vulnerability in Android devices, as disclosed in the November 2025 Android Security Bulletin. This critical flaw affects the System component and is identified by CVE-2025-48593. Attackers can exploit it remotely without any user interaction, which poses a serious threat to users whose smartphones handle sensitive data such as banking and personal communications. If exploited, the vulnerability could lead to full device compromise, data theft, and other malicious activities.

The issue requires immediate attention, as it impacts devices running Android versions 10 and later, while older versions might be left exposed if manufacturers delay updates. Google recommends that users apply the November 2025 security patch to mitigate these risks, emphasizing the need for timely updates from manufacturers like Samsung and Pixel. In addition to this zero-click RCE vulnerability, the bulletin also notes CVE-2025-48581, a high-severity elevation of privilege vulnerability that could allow malicious apps unauthorized access to sensitive features. Security experts urge enabling auto-updates to combat the increasingly hostile digital landscape.
