Android Attacks—Google Confirms No Fix For 30% Of All Phones

Take this seriously. Google kicked off Dangerous December with a warning that Android is now under attack. Two vulnerabilities have been exploited. What starts as highly targeted spyware quickly expands its attack surface. And Google has also confirmed that protection is only available for certain phones, leaving a billion users at risk.

ForbesFBI Warning: If You Get These Texts On Your Phone—Do Not ReplyBy Zak Doffman

Google’s warning that there are “indications” CVE-2025-48633 and CVE-2025-48572 “may be under limited, targeted exploitation” kicked off a tumultuous month for security threats. Google quickly added a Chrome attack warning before Apple’s stark warning that Apple users are also under attack from this mercenary spyware.

Google issued fixes for both vulnerabilities, and dozens more not yet under active exploitation — as far as we know. But those fixes, which were quickly shared with other Android OEMs including Samsung, are only available for Android, 13, 14, 15 and 16.

More than 30% of Android phones still run Android 12 or older. That’s bad enough. But OEMs take time to deploy these fixes, leaving even supported phones at risk as they do, and many users are late in applying updates once they’re available. But for the 1 billion users no longer eligible for support, there is no fix coming — ever.

Mobile security specialist Zimperium warns that “at any given point in the year, over 50% of mobile devices are running outdated OS versions, and a significant number are compromised or infected.” With attacks surging, this is not a good look for Android.

The situation is better on iPhone, given the much simpler ecosystem with Apple pushing out updates to everyone, everywhere, all at once. It is thought around 90% (1,2) of current iPhones are running supported versions of the operating system.

ForbesIsrael’s IDF Bans Android After Attacks—Secure Your Phone NowBy Zak Doffman

If your phone has fallen off support, you’re now at risk. As BeyondTrust’s James Maude told me, “even though this only appears to be linked to a small number of targeted attacks, it will quickly become a must have exploit for a range of threat actors.”