Summary: Google has released patches for 62 vulnerabilities in the April 2025 Android security update, addressing two zero-days exploited in targeted attacks. One zero-day was reportedly used by Serbian authorities in conjunction with Cellebrite technology to unlock confiscated devices. The updates aim to enhance security and mitigate risks associated with high-severity vulnerabilities uncovered in recent months.
Affected: Android operating system
Key points:
- Two zero-days (CVE-2024-53197 and CVE-2024-53150) fixed, with one allowing privilege escalation and the other enabling information disclosure.
- One zero-day was reportedly exploited by Serbian authorities and is linked to Cellebrite’s exploit chain, which was discovered by Amnesty International’s Security Lab.
- Google provided patches proactively to OEM partners and released updates covering over 60 security vulnerabilities, with immediate deployment on Google Pixel devices.