Google Releases April Android Update to Address Two Zero-Days


A new Android security update from Google has patched 62 vulnerabilities, including two zero-day flaws that were being actively exploited.

The high-severity issues – tracked as CVE-2024-53150 and CVE-2024-53197 – were found in the Linux kernel’s USB sub-component and could be used to escalate privileges or access sensitive information without user interaction.

CVE-2024-53197 is a privilege escalation bug, while CVE-2024-53150 is an out-of-bounds read vulnerability that may lead to data exposure. Both carry a CVSS score of 7.8 and were initially fixed in the Linux kernel in December 2024.

Google confirmed that the two issues may have been exploited in “limited, targeted” attacks.

“These are both flaws in the kernel – the core part of the OS that acts as an intermediary between hardware and software,” said Adam Boynton, senior security strategy manager EMEIA at Jamf.

“CVE-2024-53150 would allow an attacker to access sensitive information without user interaction, while CVE-2024-53197 could lead to memory corruption or even privilege escalation if exploited by attackers.”

Vulnerabilities Linked to Cellebrite Exploits

One of the patched vulnerabilities, CVE-2024-53197, has been linked to an exploit chain used by Cellebrite, an Israeli digital forensics firm.

According to Amnesty International, Cellebrite leveraged the flaw alongside CVE-2024-53104 and CVE-2024-50302 to gain access to the phone of a Serbian activist in December 2024.

All three vulnerabilities have now been addressed through recent Android updates.

Google did not share specific details about the real-world use of CVE-2024-53150, though researchers believe it may have been part of the same exploit chain.

The security-focused GrapheneOS project has also indicated similarities between the vulnerabilities.

“These CVEs are public,” Boynton added. “More attackers are likely to target devices that have not yet been updated.”

Fixes for 60 Additional Vulnerabilities

In addition to the two zero-days, Google’s April 2025 update includes fixes for 60 other vulnerabilities across various Android components. These include:

  • 28 issues addressed in the 2025-04-01 patch level, covering System and Framework
  • 31 additional vulnerabilities in the 2025-04-05 patch level, targeting Kernel, Qualcomm, MediaTek and other third-party components

There are no new patches in this cycle for Automotive OS or Wear OS.

“With two vulnerabilities currently being exploited by cybercriminals, it’s absolutely essential that Android users update their devices immediately,” Boynton said.

“Although this is a targeted attack, we strongly recommend that all users update their Android OS.”

Pixel devices will receive the updates first, with other manufacturers like Samsung, OnePlus and Motorola expected to follow soon. Google says the patches were distributed to partners in January.

Image credit: Primakov / Shutterstock.com