Overview

• Google's April 2025 Android security update fixes two zero-day vulnerabilities (CVE-2024-53150 and CVE-2024-53197) actively exploited in targeted attacks.
• The update also patches 62 security flaws, including elevation of privilege and information disclosure vulnerabilities across various components.
• CVE-2024-53197, exploited by Cellebrite, was used in attacks against activists, including a Serbian student, highlighting risks of forensic exploitation.
• Pixel devices are receiving the update immediately, while other manufacturers like Samsung are rolling out patches, albeit with some delays.
• Google follows a coordinated patch release process, notifying partners a month in advance to synchronize updates across the Android ecosystem.