Summary: Google has released the April 2025 security update for Android, which addresses two critical kernel vulnerabilities, CVE-2024-53150 and CVE-2024-53197, that have been exploited in real-world attacks. The update includes fixes for approximately 60 additional security issues, with a special emphasis on a critical elevation of privilege flaw that could allow remote exploitation without user intervention. Users are encouraged to update their devices to the latest security patch level to ensure protection against these vulnerabilities.
Affected: Android operating system
Keypoints :
- Two kernel vulnerabilities (CVE-2024-53150 and CVE-2024-53197) were exploited in the wild, impacting the ALSA: usb-audio component.
- The most severe vulnerability in the April update (CVE-2025-26416) allows for remote escalation of privilege without user interaction.
- The update also includes fixes for 60 other vulnerabilities, with specific patches for frameworks and system components.
Source: https://www.securityweek.com/android-update-patches-two-exploited-vulnerabilities/