(www.forbes.com)

208 points mohi-kalantari | 1 comments | 08 Dec 25 16:32 UTC | HN request time: 0.232s | source

Show context

RadiozRadioz ◴[08 Dec 25 19:23 UTC] No.46196472[source]▶

>>46194315 (OP) #

I'm really struggling to find any concrete information about what this vulnerability actually is. Does anyone know where to look for a good summary?

replies(3): >>46196522 #>>46196621 #>>46197224 #

ActorNightly ◴[08 Dec 25 20:29 UTC] No.46197224[source]▶

>>46196472 #

Search CVE numbers.

https://www.cve.org/CVERecord?id=CVE-2025-48633

Basically, just like most things these days, its all just local privilege escalation. This means that you have to install/run an app that has these exploits built in.

Soif you usage profile doesn't include downloading apps from untrusted sources, you don't need to worry.

replies(3): >>46197427 #>>46197784 #>>46200663 #

rs186 ◴[08 Dec 25 21:19 UTC] No.46197784[source]▶

>>46197224 #

What if an existing app gets an update that exploits the vulnerability?

For sure that's not going to happen to an app released by a major company, but there are lots of less known app created by many different developers.

replies(1): >>46204713 #

1. ndriscoll ◴[09 Dec 25 13:28 UTC] No.46204713[source]▶

>>46197784 #

Turn off app updates. If it's working now, why do you need to update it? Does the update add something specific you want?

↑

Google confirms Android attacks; no fix for most Samsung users