Google has released its April 2025 Android security update. The update addresses 62 vulnerabilities, including two zero-days that were already being exploited in targeted attacks. As usual, the bulletin defines two patch levels, 2025-04-01 and 2025-04-05. The 2025-04-05 level includes every fix in the 2025-04-01 level plus additional patches for closed-source third-party components and kernel subcomponents, not all of which apply to every Android device. Pixel devices receive the update immediately, while other manufacturers typically need extra time to test and adapt the patches to their hardware, so a device's reported patch level, not the bulletin date, is what tells you which fixes it actually carries.
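Because the two patch levels differ, a fleet check has to compare the level a device reports with the level you require rather than just "has the April update". The script below is an added example, not code from the article or from Google: it reads `ro.build.version.security_patch` over adb if a device is attached, falls back to a constructed sample value otherwise, and compares it with a required level (assumed here to be 2025-04-05, since both zero-days are kernel bugs and the kernel subcomponent fixes ship in that level). The `patch_level_ok` and `device_patch_level` function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the article or from Google): decide whether an
# Android device's reported security patch level is at or beyond a required
# level. The patch level string (ro.build.version.security_patch) is an ISO
# date such as 2025-04-05, so ordering it as text orders it chronologically,
# and 2025-04-05 counts as newer than 2025-04-01.

# Exit 0 if $1 has the YYYY-MM-DD shape a patch level uses, 1 otherwise.
is_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[01][0-9]-[0-3][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# patch_level_ok DEVICE_LEVEL REQUIRED_LEVEL
# Exit 0 when DEVICE_LEVEL is the same as or later than REQUIRED_LEVEL,
# 1 when it is older, 2 when either argument is malformed (a device that
# reports garbage must not be treated as patched).
patch_level_ok() {
    is_patch_level "$1" || return 2
    is_patch_level "$2" || return 2
    [ "$1" = "$2" ] && return 0
    # Portable string ordering: sort the two dates and see which comes first.
    earlier=$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort | head -n 1)
    [ "$earlier" = "$2" ] && return 0
    return 1
}

# Read the patch level from an attached device via adb. If adb or a device is
# missing, fall back to a constructed sample value so the script runs offline.
device_patch_level() {
    level=""
    if command -v adb >/dev/null 2>&1; then
        level=$(adb shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r\n')
    fi
    # Constructed sample (assumption, not a real device reading).
    [ -n "$level" ] || level="2025-03-05"
    printf '%s\n' "$level"
}

required="${1:-2025-04-05}"   # assumed target: the level carrying the kernel fixes
current=$(device_patch_level)
rc=0
patch_level_ok "$current" "$required" || rc=$?
case $rc in
    0) echo "OK: device patch level $current is at or beyond $required" ;;
    2) echo "UNKNOWN: malformed patch level '$current' or '$required'" ;;
    *) echo "MISSING: device patch level $current is older than $required" ;;
esac
```

Run it with a device attached and USB debugging enabled, optionally passing a different required level as the first argument. A malformed value deliberately returns its own status instead of "older", so a device that reports nothing sensible shows up as unknown rather than being silently counted as patched or unpatched.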
What Google said about the zero-day vulnerabilities
In February, Google revealed that these fixes were shared with OEM partners earlier this year. In a statement to Bleeping Computer: “We were aware of these vulnerabilities and exploitation risk prior to these reports and promptly developed fixes for Android. Fixes were shared with OEM partners in a partner advisory on January 18.”
What were the zero-day vulnerabilities that Google fixed this month
One of the patched zero-days, CVE-2024-53197, is a high-severity privilege escalation flaw in the Linux kernel's USB-audio (ALSA) driver. Serbian authorities reportedly used it as part of a zero-day exploit chain, delivered through the USB port, to unlock confiscated Android devices, with the chain allegedly developed by Israeli digital forensics firm Cellebrite.
The exploit chain also included two previously patched zero-days: a USB Video Class vulnerability (CVE-2024-53104) fixed in February and a Human Interface Devices flaw (CVE-2024-50302) patched in March. These exploits were uncovered by Amnesty International’s Security Lab in mid-2024 during an investigation into forensic logs from devices accessed by Serbian police.
Google has also fixed a second zero-day, CVE-2024-53150, an information disclosure vulnerability in the same Linux kernel USB-audio driver. It is caused by an out-of-bounds read and lets a local attacker read sensitive data on affected devices without any user interaction.
In November 2024, Google also addressed another Android zero-day, CVE-2024-43047, a flaw in Qualcomm's DSP service driver. First flagged as exploited by Google Project Zero in October 2024, this vulnerability was reportedly used by the Serbian government in NoviSpy spyware attacks targeting Android devices belonging to activists, journalists and protesters.