Pierluigi Paganini
April 08, 2025
Google released Android ‘s April 2025 security updates to address 62 vulnerabilities, including two zero-day vulnerabilities (CVE-2024-53197, CVE-2024-53150) exploited in targeted attacks.
The vulnerability CVE-2024-53197 is a Linux kernel issue affecting ALSA USB audio. Malicious devices could exploit a config value to trigger out-of-bounds memory access.
Amnesty International reported that a Cellebrite zero-day exploit was used to unlock the Android smartphone of a Serbian activist. In a statement published on 25 February 2025, Cellebrite announced that it had blocked Serbia from using its solution after reports that police used it to unlock and infect the phones of a journalist and activist.
In 2024, the Security Lab provided evidence of a Cellebrite zero-day exploit chain to industry partners, leading Google to identify three vulnerabilities. CVE-2024-53104 was patched in Android’s February 2025 update, while CVE-2024-53197 and CVE-2024-50302 (CVSS score of 5.5) were patched in the Linux kernel but not yet in Android.
The second zero-day addressed by Google in Android’s April 2025 is CVE-2024-53150. A Linux kernel fix resolves an ALSA USB-audio flaw where invalid descriptor lengths could cause out-of-bounds reads when detecting clock sources. Sanity checks were added to skip malformed descriptors and ensure safe memory access.
As usual, Google released two collections of security patches, the 2025-04-01 and 2025-04-05 security patch levels.
In February 2025, Google released Android security updates to address 48 vulnerabilities, including a zero-day flaw, tracked as CVE-2024-53104, which was actively exploited in attacks in the wild.
In November 2024, Google addressed two Android zero-days, tracked as CVE-2024-43047 and CVE-2024-43093, which were actively exploited in the wild.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Google)
