Google warned Monday that Android is under attack, and now America’s cyber defense agency has issued its own warning, ordering all federal employees to update or stop using their phones. Now Google has quickly released the update for all Pixel users.
“We have started to roll out the monthly software update for December 2025,” Google confirmed Wednesday. “All supported Pixel devices running Android 16 will receive these software updates starting today.”
Two Android vulnerabilities are now “under limited, targeted exploitation,” with users at risk from “remote denial of service with no additional execution privileges needed.” This is serious, as evidenced by the speed Google, Samsung and CISA have acted.
CVE-2025-48633 and CVE-2025-48572 are not the only vulnerabilities flagged for December, in what has turned out to be a bumper update. But these are the highlights. Both affect Android’s core framework, which runs at the core of the OS.
It’s at times like these that Pixel’s significant advantage over Samsung becomes clear. All users of Google’s smartphone will receive their updates in quick time. Those updates will then install seamlessly, reducing any downtime for users.
The Samsung story is very different. The rollout will take the course of the month, with many users waiting until late December for their updates. And other than those with new Galaxy S25s, owners of expensive flagships still do not get the seamless updates standard on Pixel for years, meaning a slower, more painful process.
“You will receive a notification once the system update is available for your device,” Google tells Pixel owners. “We encourage you to check your Android version and update to receive the latest software.”
If you’re a government employee, then you need to update your Pixel by Dec. 23 or power it down, per CISA’s order. But given attacks have been confirmed, all users should update on that same timetable. Do not leave this vulnerability on your phone.