Mountain View, April 9, 2025: Google has rolled out the April 2025 Android security update, fixing 62 vulnerabilities, including two actively exploited zero-day flaws. One of the critical flaws, CVE-2024-53197, is a privilege escalation issue in the Linux kernel’s USB-audio driver. It was reportedly exploited by Serbian authorities using digital forensics tools from Cellebrite to unlock seized Android devices.
The second flaw, CVE-2024-53150, is an information disclosure vulnerability in the Android kernel, enabling attackers to access sensitive data without user interaction. Google is urging users to update their devices to the 2025-04-05 security patch level or later. Pixel phones have already received the updates, while other Android manufacturers are expected to follow soon.
