Google has released its April 2025 Android security update, addressing 62 vulnerabilities—two of which were zero-day flaws actively exploited in the wild, reports BleepingComputer. One of the zero-days (CVE-2024-53197), located in the Linux kernel’s USB-audio driver, had been weaponized in targeted attacks. According to reports, Serbian authorities allegedly used this exploit as part of a broader chain developed by Israeli firm Cellebrite to access seized Android devices.
Amnesty International’s Security Lab uncovered the exploit chain during a mid-2024 investigation, revealing a series of unknown flaws that allowed attackers to bypass Android's built-in protections. Google noted that it had already shared fixes with partners back in January via a private advisory.
The second zero-day (CVE-2024-53150) involved an out-of-bounds read in the Android kernel, allowing local attackers to access sensitive device data without user interaction. In addition to these critical flaws, the update also resolves 60 high-severity vulnerabilities—many related to privilege escalation.
Google has split the patches into two security levels: 2025-04-01 and 2025-04-05. The latter includes additional kernel and closed-source component fixes, which may not apply to all devices. While Pixel users receive updates immediately, other Android devices may face delays due to manufacturer testing. This release follows a similar November 2024 patch that addressed a zero-day linked to NoviSpy spyware (CVE-2024-43047).
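As an added example (not from the article, Google, or any vendor tooling), a POSIX shell check that classifies a device's reported patch level against the two April 2025 levels described above; it reads the standard Android build property `ro.build.version.security_patch`, and `adb_check` assumes `adb` is on the PATH with a device attached.

```shell
#!/bin/sh
# Added example: decide whether a device's security patch level covers the
# 2025-04-01 (framework) or 2025-04-05 (kernel and closed-source) level.

# Return 0 if patch level $1 (YYYY-MM-DD) is at or after required level $2.
# Malformed input fails closed (non-zero) so a missing property never passes.
patch_level_ok() {
    level="$1"
    required="$2"
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    # Strip the dashes with parameter expansion so the dates compare as integers.
    lvl="${level%%-*}"; rest="${level#*-}"; lvl="$lvl${rest%%-*}${rest#*-}"
    req="${required%%-*}"; rest="${required#*-}"; req="$req${rest%%-*}${rest#*-}"
    [ "$lvl" -ge "$req" ]
}

# Map a patch level to one of: full, partial, unpatched.
classify_patch_level() {
    if patch_level_ok "$1" 2025-04-05; then
        echo "full"        # includes the additional kernel/closed-source fixes
    elif patch_level_ok "$1" 2025-04-01; then
        echo "partial"     # framework fixes only; 2025-04-05 fixes still missing
    else
        echo "unpatched"   # older level, or property missing/malformed
    fi
}

# Query an attached device over adb and print "<level> <classification>".
adb_check() {
    level=$(adb shell getprop ro.build.version.security_patch | tr -d '\r\n')
    printf '%s %s\n' "$level" "$(classify_patch_level "$level")"
}
```

Run `adb_check` against each fleet device; anything reported as `partial` or `unpatched` still lacks fixes for at least one of the two exploited kernel flaws.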