Google has patched two critical zero-day vulnerabilities in Android, tracked as CVE-2024-53150 and CVE-2024-53197, both of which were actively exploited before fixes were released. Both flaws are in the Linux kernel’s USB-audio driver and pose significant security risks, as they could lead to full device compromise. Affected: Android devices, specifically versions prior to the April 2025 patch.
Key points:
- Google issued security updates on April 8, 2025, addressing 62 vulnerabilities.
- CVE-2024-53150 is an out-of-bounds read vulnerability in the USB-audio driver.
- CVE-2024-53197 is an out-of-bounds write vulnerability that can lead to privilege escalation.
- Both vulnerabilities scored 7.8 on the CVSS scale, indicating high severity.
- Active exploitation was observed, particularly by state actors against targeted individuals.
- Users are advised to install the latest security updates and be cautious with USB connections.
Full Story: https://gridinsoft.com/blogs/two-android-zero-day-vulnerabilities-fix/