Google has released patches for 62 vulnerabilities in the Android security update for April 2025, including two zero-days exploited in targeted attacks.
One of the zero-days, a high-severity privilege escalation vulnerability (CVE-2024-53197) in the Linux kernel's USB-audio driver for ALSA devices, was reportedly exploited by Serbian authorities to unlock confiscated Android devices as part of a zero-day exploit chain developed by the Israeli digital forensics company Cellebrite.
This exploit chain, which also included a USB video zero-day (CVE-2024-53104) patched in February and a Human Interface Devices zero-day (CVE-2024-50302) patched last month, was discovered by Amnesty International's Security Lab in mid-2014 while analyzing data found on devices unlocked by Serbian police.
Google told BleepingComputer in February that these fixes had been shared with OEM partners in January.
“We were aware of these vulnerabilities and the risk of exploitation before these reports and we quickly developed fixes for Android. The fixes were shared with OEM partners in a partner advisory on January 18,” a Google spokesperson told BleepingComputer.
The second zero-day fixed this month (CVE-2024-53150) is an information disclosure vulnerability in the Android kernel, caused by an out-of-bounds read weakness that allows local attackers to access sensitive information on vulnerable devices without user interaction.
The April 2025 Android security updates also fix another 60 security vulnerabilities, most of which are high-severity elevation of privilege flaws.
Google issued two sets of security patches, the 2025-04-01 and 2025-04-05 security patch levels. The latter delivers all the fixes from the first batch plus security patches for third-party and closed-source kernel subcomponents, which may not necessarily apply to all Android devices.
Google Pixel devices receive these updates immediately, while other vendors often take longer to test and adjust the security patches for their specific hardware configurations.
In November 2024, Google also fixed another Android zero-day (CVE-2024-43047), first tagged as exploited by Google Project Zero in October 2024 and used by the Serbian government in NoviSpy spyware attacks against Android devices belonging to activists, journalists, and protesters.