Google has released the April 2025 Android security update, addressing 62 vulnerabilities, including two dangerous zero-day flaws that were already being exploited in real-world attacks.
One of the most critical issues patched is CVE-2024-53197, a high-severity privilege escalation bug in the Linux kernel’s USB-audio driver. According to reports, this vulnerability was used by Serbian authorities as part of a larger exploit chain to unlock seized Android devices. The exploit chain was reportedly developed by Israeli digital forensics firm Cellebrite and uncovered by Amnesty International’s Security Lab in mid-2024.
This chain also included two other zero-days:
- CVE-2024-53104 – a USB Video Class vulnerability (patched in February),
- CVE-2024-50302 – a flaw in Human Interface Devices (patched last month).
The second zero-day fixed in this month’s update is CVE-2024-53150, an information disclosure vulnerability in the Android kernel. It allows local attackers to access sensitive device data without needing user interaction, making it a significant privacy risk.
Google confirmed it had already alerted device manufacturers back in January 2025, giving them a head start on applying the fixes.
The April update includes two patch levels: 2025-04-01 and 2025-04-05. The second patch level includes all previous fixes along with updates for third-party and kernel components. Pixel devices are the first to receive the patches, while other brands may take more time to deliver updates based on their hardware and software testing.
Notably, this isn’t the first time Serbia has been linked to Android spyware attacks. In November 2024, Google patched CVE-2024-43047, a zero-day exploited by the NoviSpy spyware used against activists, journalists, and protestors in the country.
Android users are strongly advised to install the latest security updates as soon as they become available to protect against these evolving threats.
Bijay Pokharel