Google confirms security breach: Most Samsung users can’t do anything

Google has issued an urgent security alert after two serious vulnerabilities in the Android system have been discovered and exploited in practice.

The vulnerabilities, known as CVE-2025-48633 and CVE-2025-48572, allow remote denial of service attacks to be performed without additional authorizations.

As part of the response, Google issued an emergency update to its own Pixel devices on December 1.

The security holes were closed immediately. For millions of Samsung users, however, the situation is different.

Here, the necessary security updates are not yet available, even though the attacks are already underway.

CISA warns – and Samsung confirms slow rollout

Just one day after Google’s announcement, the US cybersecurity authority CISA issued a warning about an additional vulnerability in Android that enables privilege escalation.

The authority demanded that all relevant US government agencies either update affected devices immediately or temporarily take them out of service.

At the same time, Samsung has confirmed that several of the vulnerabilities reported by Google’s security team, Project Zero, have been addressed internally.

However, the rollout of the updates will happen later, and this is where the problem arises.

According to Google, it usually takes about a month for Samsung to reach out to all users with the necessary fixes.

Slow updates lead to criticism of the Android structure

Unlike Google, which has full control over both the hardware and software of the Pixel series and can release updates immediately, Samsung works with a more complex model.

Security updates are released gradually and depend on the model, region and mobile vendor.

According to Google, currently only the Galaxy S25 and a single mid-range model support the new “Seamless Updates” feature to enable faster updates.

Criticism of Android’s update structure is growing as both Pixel and Apple devices can receive critical updates within hours.

Security experts point out that Android as a platform faces a structural challenge where manufacturers’ delays create a risk for users.

According to Google, changes are needed to ensure that critical vulnerabilities do not remain open for weeks in the future.