[ActorNightly]

Search CVE numbers.

https://www.cve.org/CVERecord?id=CVE-2025-48633

Basically, just like most things these days, its all just local privilege escalation. This means that you have to install/run an app that has these exploits built in.

Soif you usage profile doesn't include downloading apps from untrusted sources, you don't need to worry.

[orbital-decay]

In other words, if you ever need to install anything on your device, you do need to worry. What even could be trusted, a random app from Play Store?

[lelanthran]

> In other words, if you ever need to install anything on your device, you do need to worry.

No, its "If you ever need to install some random app from the play, you do need to worry"

I installed the Teams app and Torque Pro today. I am not worried. I've also got the Sherlock games (purchased way back when) that I have yet to install on my new phone.

Installing that app also will not worry me. These apps are trusted because of the authors, not because of the Play store.

Worry is not binary, it's a probability, and you are at high risk if you're installing every rando's app on your phone and low risk if you are not.

[rs186]

What if an existing app gets an update that exploits the vulnerability?

For sure that's not going to happen to an app released by a major company, but there are lots of less known app created by many different developers.

[ndriscoll]

Turn off app updates. If it's working now, why do you need to update it? Does the update add something specific you want?

[skeaker]

In other words, continue as normal: Don't install random crap you don't trust. That this is even newsworthy is kind of strange.