Google has released a new Android security update that fixes 107 issues, including two serious vulnerabilities (called zero-days) that hackers were actively using in attacks. These affect Android versions 13 through 16.

The two critical issues are:

• CVE-2025-48633 – Could allow attackers to access private information.
• CVE-2025-48572 – Could let attackers gain extra permissions on your device.

Why This Matters

If your device isn’t updated, attackers could use these flaws to steal data or take control of your phone.

What You Need to Do

• Update your Android device now:
  • Go to Settings > Security & privacy > System & updates > Security update, then install and restart.
• Make sure Google Play Protect is turned on.
• If your device can’t update, contact the ACORD Helpdesk at helpdesk@acord.org for help.

Special Note: This update is only for Android users. If you use an iPhone or another device, no action is needed.

For more details, you can read the full article here: Google fixes two Android zero-days exploited in attacks, 107 flaws.

Thank you for taking action to keep your device and our organization secure.