Google has released its April 2025 Android Security Bulletin , which includes patches for 62 vulnerabilities affecting Android devices. Two of the fixes address critical zero-day flaws that may have been exploited in “limited, targeted” attacks, according to Google. Zero-days are security vulnerabilities that are exploited before the software developer can identify the flaw and issue a patch.
The security update for April includes fixes for a range of issues, many of which elevation of privilege flaws, as well as vulnerabilities with Qualcomm, MediaTek, Arm, and Imagination Technologies components.
Two serious exploits
One of the zero-day exploits (labeled CVE-2024-53197) is an elevation of privilege flaw in the Linux kernel’s USB-audio driver for ALSA Devices. According to Bleeping Computer , this vulnerability was identified by Amnesty International’s Security Lab in 2024 as part of a chain—along with one flaw fixed in February and another in March —used by Serbian police to target activists.
The other zero-day (labeled CVE-2024-53150) is an information disclosure vulnerability in the Android kernel that permits local attackers to gain access to data without the device user’s input.
If you’re an Android user, you should be sure your device is up to date with this latest patch.
How to update your Android
Google issues patches for both its Pixel phones and the core Android Open Source Project (AOSP) code and gives manufacturers of other devices—like Samsung, Motorola, and Nokia—advance notice so they can push updates around the same time. If you have an Android, you should get a notification to install an update when one is available.
You can also go to About phone or About tablet > Android version to ensure your device is up to date and check your update status (under System > Software update or System update). If a patch is required, follow the prompts to download and install updates.
Any device running Android 10 or later may receive both security updates and Google Play system updates. This round of patches applies to AOSP versions 13, 14, and 15 and is split into two parts, the most recent of which is dated 2025-04-05.
