Comprehensive April 2025 Security Updates Released for Android
Google has recently fortified Android security by releasing patches for 62 critical vulnerabilities, which include two zero-day exploits previously utilized in sophisticated targeted attacks.
Detailed Breakdown of the Patched Zero-Days
The first zero-day, identified as CVE-2024-53197, is a significant privilege escalation flaw in the Linux kernel’s USB-audio driver for ALSA devices. Serbian authorities actively exploited this vulnerability to unlock confiscated Android devices, using a zero-day exploit chain developed by the Israeli digital forensics company Cellebrite.
The exploit chain also included a USB Video Class zero-day (CVE-2024-53104), patched in February, and a Human Interface Devices zero-day (CVE-2024-50302), addressed last month. These findings were uncovered by Amnesty International’s Security Lab during investigations of devices unlocked by Serbian police in mid-2024.
The second zero-day resolved in this update, tagged as CVE-2024-53150, is an information disclosure vulnerability in the Android kernel. This flaw, caused by an out-of-bounds read, could allow local attackers to access sensitive information without the need for user interaction.
Additional Security Enhancements in March 2025
Besides the zero-day fixes, the March 2025 security update for Android covers 60 other vulnerabilities, primarily high-severity elevation of privilege issues.
Google rolled out the security patches in two sets, dated 2025-04-01 and 2025-04-05. While the first set encompasses the primary vulnerabilities, the second adds patches for third-party and kernel subcomponents, though not all Android devices may require these additional fixes.
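To see which of the two sets a fleet has actually received, each device's reported patch level can be compared against the two dates above. The following is an added example, not part of the original article or any Google tooling; it assumes an inventory of device names (constructed here) paired with the value each device reports for the `ro.build.version.security_patch` property.

```python
import re
from datetime import date

# The two patch levels named in the article for this update.
FIRST_SET = date(2025, 4, 1)
SECOND_SET = date(2025, 4, 5)

def parse_patch_level(value):
    """Parse a strict YYYY-MM-DD patch level; return None if malformed."""
    m = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", value.strip())
    if not m:
        return None
    try:
        return date(*map(int, m.groups()))
    except ValueError:  # e.g. month 13 or day 32
        return None

def classify(value):
    """Classify a reported patch level against the two April 2025 sets."""
    level = parse_patch_level(value)
    if level is None:
        return "unknown"          # treat as unpatched until verified
    if level >= SECOND_SET:
        return "both-sets"        # includes third-party/kernel fixes
    if level >= FIRST_SET:
        return "first-set-only"   # second set not applied
    return "missing"              # predates this update entirely

def audit(inventory_text):
    """Map device name -> status from 'name patch-level' lines."""
    report = {}
    for line in inventory_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        report[parts[0]] = classify(parts[1] if len(parts) > 1 else "")
    return report

# Constructed sample inventory (hypothetical device names).
SAMPLE = """\
# device        ro.build.version.security_patch
pixel-lab-01    2025-04-05
oem-phone-17    2025-04-01
oem-tablet-03   2025-03-05
kiosk-09        unknown
"""

if __name__ == "__main__":
    for device, status in audit(SAMPLE).items():
        print(f"{device:15} {status}")
```

Devices reported as `first-set-only` or `missing` are the ones to follow up on with the manufacturer's rollout schedule.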
Update Distribution and Device Impact
Devices under the Google Pixel line are immediate recipients of these updates. However, other manufacturers might delay the rollout as they conduct tests and adjust the patches to suit their hardware configurations.
Moreover, an earlier incident in November 2024 saw Google addressing another Android zero-day (CVE-2024-43047), exploited by the Serbian government in deploying the NoviSpy spyware against activists, journalists, and protestors.
With consistent patches and vigilant monitoring of emerging threats, Google continues to prioritize user security and privacy in its Android ecosystem.
Last Updated: April 7, 2025