Google addresses 2 actively exploited vulnerabilities in security update

Google addressed 62 vulnerabilities affecting Android devices in its April security update, including a pair of actively exploited software defects that were first disclosed in December. Google said the two vulnerabilities — CVE-2024-53197 and CVE-2024-53150 — “may be under limited, targeted exploitation.”
The pair of flaws under active exploitation are high-severity and affect the Linux kernel’s USB audio driver, according to Google. The more severe of the two actively exploited vulnerabilities, CVE-2024-53150, carries a CVSS score of 7.1 and allows attackers to obtain potentially sensitive data.
The second actively exploited vulnerability, CVE-2024-53197, is part of a zero-day exploit chain developed by Israel-based digital forensics company Cellebrite. Serbian security services abused a Cellebrite zero-day exploit chain in “a Cellebrite product to break into the phone of a youth activist in Serbia,” Amnesty International’s Security Lab said in a report released in February.
Google’s security advisory includes two critical and 12 high-severity flaws affecting the Android system. Google also addressed one critical and 13 high-severity vulnerabilities affecting the Android framework.
The Android security update contains two patch levels — 2025-04-01 and 2025-04-05 — allowing Android partners to address a group of 27 common vulnerabilities on different devices.
The second patch includes fixes for five vulnerabilities affecting the Linux kernel, one vulnerability in an Arm component, nine defects in Imagination Technologies components, four flaws in MediaTek components and 13 total defects in Qualcomm components.
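A device's reported patch-level string shows which of the two levels described above it has reached. The script below is an added example, not code from Google or from this article; the status labels and the sample inventory are constructed, and the patch-level string is assumed to come from the `ro.build.version.security_patch` system property.

```shell
#!/bin/sh
# Added example: classify Android security patch level strings against the
# two April 2025 levels named in the article. Status labels are hypothetical.

FIRST_LEVEL=20250401   # 2025-04-01
SECOND_LEVEL=20250405  # 2025-04-05 (kernel and vendor-component fixes, per the article)

classify_patch_level() {
    # Strip whitespace and the carriage return that adb output can carry.
    spl=$(printf '%s' "$1" | tr -d '[:space:]')
    case "$spl" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "invalid"; return 0 ;;
    esac
    # YYYY-MM-DD -> YYYYMMDD so the levels compare as plain integers.
    year=${spl%%-*}; rest=${spl#*-}
    n="${year}${rest%-*}${rest#*-}"
    if [ "$n" -lt "$FIRST_LEVEL" ]; then
        echo "before-april-2025"
    elif [ "$n" -lt "$SECOND_LEVEL" ]; then
        echo "first-level-only"
    else
        echo "second-level"
    fi
}

# Reads "device-id patch-level" lines on stdin and prints one status row each.
audit_inventory() {
    while read -r device spl; do
        case "$device" in ''|'#'*) continue ;; esac
        printf '%s\t%s\t%s\n' "$device" "${spl:-missing}" "$(classify_patch_level "$spl")"
    done
}

# Constructed inventory; on a live device the value comes from:
#   adb shell getprop ro.build.version.security_patch
audit_inventory <<'EOF'
# device-id    patch-level
pixel-lab-01   2025-04-05
tablet-qa-07   2025-04-01
handset-hr-22  2025-02-05
kiosk-lobby-3  unknown
EOF
```

Devices reported as `first-level-only` have not yet reached the 2025-04-05 level, which is where the article places the Linux kernel and vendor-component fixes.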
Google Pixel users will get access to the latest Android security updates automatically. Other Android device manufacturers release security patches on a slower timeline, after they’ve customized operating system updates for their specific hardware.
Google said source code patches for all 62 vulnerabilities covered in this month’s security update will be released to the Android Open Source Project repository by Wednesday.