In a recent development, Google has rolled out a new Android security update addressing a total of 62 vulnerabilities, including two critical zero-day flaws that were actively being exploited by cybercriminals. The vulnerabilities, tracked as CVE-2024-53150 and CVE-2024-53197, were discovered in the Linux kernel’s USB sub-component, posing a significant risk of privilege escalation and unauthorized access to sensitive information without user interaction.
CVE-2024-53197, classified as a privilege escalation bug, and CVE-2024-53150, an out-of-bounds read vulnerability that could potentially lead to data exposure, both received a high CVSS score of 7.8. These vulnerabilities were initially fixed in the Linux kernel back in December 2024. Google has confirmed that these flaws may have been exploited in limited, targeted attacks, underscoring the importance of promptly applying the security update.
Adam Boynton, the senior security strategy manager at Jamf, highlighted the critical nature of these vulnerabilities, stating, “CVE-2024-53150 would allow an attacker to access sensitive information without user interaction, while CVE-2024-53197 could lead to memory corruption or privilege escalation if exploited by attackers.”
Moreover, one of the patched vulnerabilities, CVE-2024-53197, has been linked to an exploit chain used by Cellebrite, a renowned Israeli digital forensics firm. Amnesty International revealed that Cellebrite leveraged this vulnerability, along with CVE-2024-53104 and CVE-2024-50302, to gain unauthorized access to the phone of a Serbian activist in December 2024. Google has now addressed all three vulnerabilities through the latest Android updates, diminishing the risk posed by such exploit chains.
Although specific details regarding the real-world exploitation of CVE-2024-53150 were not disclosed by Google, researchers believe it may have been part of the same exploit chain used by Cellebrite. The GrapheneOS project also noted similarities between the vulnerabilities, underscoring the need for immediate patching to thwart potential cyber threats targeting unpatched devices.
In addition to addressing the zero-day vulnerabilities, Google’s April 2025 update also patches 60 other security flaws across various Android components. These include 28 issues in the 2025-04-01 patch level, focusing on System and Framework, and 31 additional vulnerabilities in the 2025-04-05 patch level, targeting Kernel, Qualcomm, MediaTek, and other third-party components. The update, however, does not include any new patches for Automotive OS or Wear OS.
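Because the kernel and vendor fixes sit in the 2025-04-05 patch level rather than 2025-04-01, a device that reports the earlier level has the System and Framework fixes but not the USB kernel fixes. The following script, an added example that is not part of the article, turns that distinction into a check: it compares an Android security patch level string against a required level. On a real device the string comes from `adb shell getprop ro.build.version.security_patch` (a YYYY-MM-DD value); the sample values at the bottom are constructed, and the required level is an assumption taken from the patch-level split described above.

```shell
#!/bin/sh
# Added example (not from the article): decide whether a device's reported
# Android security patch level includes a given patch level's fixes.
# Real devices report the level via:
#   adb shell getprop ro.build.version.security_patch
# which prints a YYYY-MM-DD string. Values below are constructed.

# Assumption: the kernel/USB fixes ship in the 2025-04-05 level.
REQUIRED_KERNEL_LEVEL="2025-04-05"

# patch_level_to_int YYYY-MM-DD -> YYYYMMDD (integer), or empty if malformed.
patch_level_to_int() {
  case "$1" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) echo "$1" | tr -d '-' ;;
    *) echo "" ;;
  esac
}

# is_patched DEVICE_LEVEL [REQUIRED_LEVEL]
# exit 0 when DEVICE_LEVEL >= REQUIRED_LEVEL, 1 when older, 2 when malformed.
is_patched() {
  dev=$(patch_level_to_int "$1")
  req=$(patch_level_to_int "${2:-$REQUIRED_KERNEL_LEVEL}")
  [ -n "$dev" ] && [ -n "$req" ] || return 2
  [ "$dev" -ge "$req" ]
}

# patch_status DEVICE_LEVEL [REQUIRED_LEVEL] -> patched | vulnerable | unknown
patch_status() {
  dev=$(patch_level_to_int "$1")
  if [ -z "$dev" ]; then
    echo unknown
    return 0
  fi
  if is_patched "$1" "${2:-$REQUIRED_KERNEL_LEVEL}"; then
    echo patched
  else
    echo vulnerable
  fi
}

# Constructed sample values standing in for getprop output from several devices.
for lvl in 2025-04-05 2025-04-01 2025-03-05 garbage; do
  printf '%s -> %s\n' "$lvl" "$(patch_status "$lvl")"
done
```

The 2025-04-01 sample is reported as vulnerable on purpose: it carries the System and Framework fixes but, per the bulletin split, not the kernel ones, so a fleet check should key on the later level when the concern is the USB kernel flaws.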
Given that the identified vulnerabilities are being exploited in the wild, security experts stress that Android users need to update their devices immediately. Boynton emphasized, “With two vulnerabilities currently being exploited by cybercriminals, it’s absolutely essential that Android users update their devices immediately. Although this is a targeted attack, we strongly recommend that all users update their Android OS.”
Google has already begun rolling out the updates to Pixel devices, with other manufacturers such as Samsung, OnePlus, and Motorola expected to follow suit shortly. The tech giant assured that the security patches were shared with partners in January, ensuring a swift distribution to safeguard Android users against potential security breaches.
As the cyber landscape continues to evolve, timely security updates and patching remain paramount in safeguarding devices against emerging threats. By promptly applying the latest security updates, users can mitigate the risks associated with exploitable vulnerabilities and enhance the overall security posture of their Android devices.