
Google rolled out an urgent security patch earlier this month for millions of Pixel phones after confirming active spyware attacks exploiting two critical Android flaws, according to Forbes. The update targets vulnerabilities that let attackers steal sensitive data and seize control of devices without user interaction.
The first update addressed two high-severity Android Framework flaws (CVE-2025-48633 and CVE-2025-48572) that Google says “may be under limited, targeted exploitation.”
A second, smaller emergency patch followed shortly thereafter, focusing on device-specific issues including battery drain and touch responsiveness problems, especially on the Google Pixel 10.
The Core Vulnerabilities
CVE-2025-48633: An information disclosure vulnerability in the Android Framework that allows applications to access sensitive device information without proper authorization. This flaw enables attackers to extract data from the device owner’s account and access privileged system information.
CVE-2025-48572: An elevation of privilege vulnerability in the Android Framework that permits attackers to escalate permissions and gain unauthorized control over device functionality. According to security researchers, this could result in “local escalation of privilege with no additional execution privileges needed,” meaning user interaction is not required for successful exploitation.
Both vulnerabilities affect the Android Framework, the core software layer on which Android applications run. That makes them particularly dangerous: they sit at a fundamental level of the operating system where most applications and system processes operate.
The Second Emergency Update
About two weeks after patching those security vulnerabilities, Google rolled out an unexpected second update.
This update targeted device-specific functional issues: battery drain, reported mostly on the Pixel 8 through Pixel 10 series; touch unresponsiveness, which particularly affected Pixel 10 models; and a cached-content problem that prevented offline media and maps from being retrieved, even after upgrading directly from Android 14 to Android 16.
Both incidents reflect a concerning industry trend: this year alone, Google has patched eight zero-day vulnerabilities in its Chrome browser. The proliferation of actively exploited zero-days suggests attackers have developed increasingly sophisticated vulnerability discovery capabilities.