Android Open Source Project (AOSP)

HIGH (8.0)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 0.01% chance of exploitation (percentile: 1%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC


What is it?

The Android Open Source Project (AOSP) is the free and open-source version of the Android operating system. It is used on Google devices, such as Pixel phones, and to build custom ROMs and kernels. This vulnerability affects AOSP, a complex software stack made up of many components, which makes the exact impact difficult to identify.

Am I affected?

Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

How to fix

Upgrade to AOSP 2025-12-05 or later. For more information, see Changes to AOSP.

If immediate upgrade isn't possible:
- Restrict network access to your device (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation

References