Google Patches Two Actively Exploited Zero-Day Vulnerabilities in Android

TL;DR

• Google has patched two actively exploited zero-day vulnerabilities in the April 2025 Android Security Bulletin.
• Users are advised to update their devices to the latest security patch level to protect against these vulnerabilities.

Google Addresses Critical Zero-Day Vulnerabilities in Android

Google has recently addressed 62 vulnerabilities in its Android operating system, including two actively exploited zero-day vulnerabilities. These fixes were detailed in the April 2025 Android Security Bulletin.

Understanding Zero-Day Vulnerabilities

A zero-day vulnerability refers to a software flaw that is exploited or publicly disclosed before a patch is available. The term “zero-day” signifies the lack of time organizations have to defend against such threats.

April 2025 Security Updates

The April updates are available for Android versions 13, 14, and 15. Although Android vendors are notified of these issues at least a month before publication, the availability of patches for all devices may vary. Users can check their device’s Android version, security update level, and Google Play system level in the Settings app. For most devices, updates can be checked under About phone or About device by tapping on Software updates.

Devices displaying patch level 2025-04-05 or later are considered protected against these vulnerabilities. The higher patch level includes all fixes from the initial batch and additional security patches for closed-source third-party and kernel subcomponents.

Technical Details of the Vulnerabilities

Both zero-day vulnerabilities are located in the kernel:

1. CVE-2024-53150: An out-of-bounds flaw in the USB sub-component of the Linux Kernel that could lead to information disclosure. Local attackers can exploit this without user interaction¹.
2. CVE-2024-53197: A privilege escalation flaw in the USB audio sub-component of the Linux Kernel, also exploitable without user interaction².

These vulnerabilities have been linked to previous exploits, highlighting the importance of timely updates.

Importance of Keeping Devices Updated

Maintaining up-to-date devices is crucial for protecting against known vulnerabilities and ensuring user safety. Users are encouraged to regularly check for and install available updates.

Additional Resources

For further insights, check:

1. Android Security Bulletin - April 2025
2. Malwarebytes Blog
3. CVE-2024-53150 Details
4. CVE-2024-53197 Details

References

1. Malwarebytes Labs (2025). “Understanding Zero-Day Vulnerabilities”. Malwarebytes. Retrieved 2025-04-08. ↩︎

2. Malwarebytes Labs (2025). “April 2025 Android Security Bulletin”. Android. Retrieved 2025-04-08. ↩︎