Particle.news

Google Patches 62 Android Vulnerabilities, Including Two Actively Exploited Zero-Days

The April 2025 Android Security Bulletin addresses critical flaws used in targeted attacks, but concerns grow over delayed updates from manufacturers like Samsung.

Overview

  • Google's April 2025 Android Security Bulletin includes fixes for 62 vulnerabilities, with two zero-day flaws (CVE-2024-53197 and CVE-2024-53150) under active exploitation.
  • CVE-2024-53197, an elevation of privilege flaw, was identified by Amnesty International and Google's Threat Analysis Group and has been used in targeted attacks against a Serbian student activist.
  • CVE-2024-53150, a kernel memory flaw, enables local data exfiltration and has been linked to forensic tools like Cellebrite, highlighting risks to device security.
  • The update also addresses a range of vulnerabilities affecting chipset components from Qualcomm, MediaTek, Arm, and Imagination Technologies.
  • Samsung has faced criticism for delayed patch rollouts, with its April update arriving a month after Google's Pixel devices received theirs, potentially leaving users exposed to security threats longer.