
Google has released its April 2025 Android Security Bulletin, which includes patches for 62 vulnerabilities affecting Android devices. Two of the fixes address critical zero-day flaws that may have been exploited in “limited, targeted” attacks, according to Google. Zero-days are security vulnerabilities that are exploited before the software developer can identify the flaw and issue a patch.
The security update for April includes fixes for a range of issues, many of which are elevation of privilege flaws, as well as vulnerabilities in Qualcomm, MediaTek, Arm, and Imagination Technologies components.
Two serious exploits
One of the zero-day exploits (labeled CVE-2024-53197) is an elevation of privilege flaw in the Linux kernel’s USB-audio driver for ALSA Devices. According to Bleeping Computer, this vulnerability was identified by Amnesty International’s Security Lab in 2024 as part of a chain—along with one flaw fixed in February and another in March—used by Serbian police to target activists.
The other zero-day (labeled CVE-2024-53150) is an information disclosure vulnerability in the Android kernel that permits local attackers to gain access to data without the device user’s input.
If you’re an Android user, you should be sure your device is up to date with this latest patch.