Google Confirms Android Attacks-No Fix for Most Samsung Users
by mohi-kalantari on 12/8/2025, 4:32:50 PM
Comments
by: charcircuit
>But in reality, Samsung (and the other Android OEMs) cannot compete with Google and its unique control over hardware and software.

Yes, they can. We are talking about applying provided security patches to source code, and then releasing a new version of their OS. For patches that have existed for months. The time from patch to release should be on the order of days from receiving the patches to having a validated OS release with the fix being sent to users. It's not the control of Android which makes it possible for Google to patch their Pixel branch of AOSP faster than Samsung can patch their own. It's that Samsung doesn't care about prompt security fixes so they don't allocate engineers to do the work.
12/8/2025, 5:37:51 PM
by: xnx
No fix *yet* for Samsung. Being reliant on the hardware manufacturer (or network operator?) for OS updates is the crazy world we live in.
12/8/2025, 5:09:15 PM
by: kelnos
> *This [update] was rushed out to all Pixel users.*

Pixel 8 here, still don't have the update. That's... not great.
12/8/2025, 5:23:42 PM
by: baal80spam
This requires user action, right? User needs to install the APK by hand? In other words - if I don't install any crap on my phone I am safe?
12/8/2025, 5:13:28 PM
by: purplehat_
The Forbes link unfortunately doesn't say much about how it works. This link does a little better:

https://github.com/Ashwesker/Blackash-CVE-2025-48633

The text there:

<pre><code>
 ┌──────────────────────────┐
 │   Attacker (C2 Server)   │
 └────────┬─────────────────┘
          │ 1. Delivers malicious APK
          │    (phishing, fake app store, drive-by)
          ▼
 ┌─────────────────────────────────────────────────────┐
 │              Victim's Android 15 Phone              │
 │  (Security patch < 2025-12-01 → still vulnerable)   │
 └─────────────────────────────────────────────────────┘
                          │
           ┌──────────────┴──────────────┐
           ▼                             ▼
 User installs & opens        Malicious app runs in background
 "Fake Game / Tool" APK       (no permissions needed for this CVE)
           │
           │ 2. App triggers vulnerable Framework API
           │    (crafted Intent / Binder transaction)
           ▼
 ┌───────────────────────────────────┐
 │     Android Framework (buggy)     │
 │  code in Parcel/Binder handling)  │
 └───────────────────────────────────┘
           │
           │ 3. Information Disclosure occurs
           │    → Sensitive data leaked without user interaction
           ▼
 Leaked data examples:
   • Device ID / IMEI
   • Installed app list
   • Account tokens
   • Contacts / SMS snippets
   • Clipboard content
   • Location history fragments
           │
           │ 4. Data silently sent back
           ▼
 ┌───────────────────────────────────┐
 │   Attacker receives stolen data   │ → Can be sold, used for
 └───────────────────────────────────┘   spying, or chained with
                                         other exploits (e.g. CVE-2025-48572)
</code></pre>
12/8/2025, 5:06:15 PM
by: rew0rk
While the information leakage/disclosure is a big issue, it feels like it's still a big jump to get users to install off-Play Store APKs?
12/8/2025, 5:15:16 PM
by: Squeeze2664
Is GrapheneOS affected?
12/8/2025, 4:54:21 PM
by: resist_futility
nice list of vulnerabilities and source changes

https://source.android.com/docs/security/bulletin/2025-12-01
12/8/2025, 5:39:54 PM
by: baaron
My tinfoil hat might be on too tight again... but the timing of this exploit coinciding with Google's full court press on Android user rights is just a little suspect. Especially after the ongoing public education campaign about the evils of "sideloading" an Android application.
12/8/2025, 5:34:31 PM
by: domoregood
https://archive.is/krzUC
12/8/2025, 5:09:14 PM