Google has addressed 107 vulnerabilities in Android with its December 2025 Security Bulletin, including two high-severity flaws currently being exploited. These updates apply to Android versions 13 through 16. While Google informs device manufacturers about these issues at least a month in advance, the rollout of patches can vary, meaning not every device will receive updates immediately. The two critical vulnerabilities are both found in the Android application framework. CVE-2025-48633 lacks detailed information and does not yet have a CVSS score, but it is classified as high severity. It likely involves improper input validation that allows local apps to access sensitive information. The second vulnerability, CVE-2025-48572, has a CVSS score of 7.4 and allows local applications to execute arbitrary code due to similar validation issues. To mitigate risks, users should only install apps from official sources and be cautious of links in messages. It's important to verify the credibility of finance-related apps before installation. Regularly updating Android, Google Play services, and apps is essential for receiving security fixes. Scrutinizing app permissions can also help prevent unauthorized access. For added protection, using a reliable anti-malware solution like Malwarebytes is recommended.