Google Patches Two Actively Exploited Android Zero-Day Vulnerabilities

The April 2025 Android security update addresses 62 vulnerabilities, including critical flaws used in targeted attacks, with updates rolling out to Pixel devices and other manufacturers following suit.

Google's April 2025 Android security update fixes two zero-day vulnerabilities (CVE-2024-53150 and CVE-2024-53197) actively exploited in targeted attacks.
The update also patches 62 security flaws, including elevation of privilege and information disclosure vulnerabilities across various components.
CVE-2024-53197, exploited by Cellebrite, was used in attacks against activists, including a Serbian student, highlighting risks of forensic exploitation.
Pixel devices are receiving the update immediately, while other manufacturers like Samsung are rolling out patches, albeit with some delays.
Google follows a coordinated patch release process, notifying partners a month in advance to synchronize updates across the Android ecosystem.