Google fixes Android zero-days exploited in attacks, 60 other flaws
Published on: 2025-05-11 06:55:51
Google has released patches for 62 vulnerabilities in Android's April 2025 security update, including two zero-days exploited in targeted attacks.
One of the zero-days, a high-severity privilege escalation security vulnerability (CVE-2024-53197) in the Linux kernel's USB-audio driver for ALSA Devices, was reportedly exploited by Serbian authorities to unlock confiscated Android devices as part of a zero-day exploit chain developed by Israeli digital forensics company Cellebrite.
This exploit chain—which also included a USB Video Class zero-day (CVE-2024-53104) patched in February and a Human Interface Devices zero-day (CVE-2024-50302) patched last month—was discovered by Amnesty International's Security Lab in mid-2024 while analyzing logs found on devices unlocked by Serbian police.
Google told BleepingComputer in February that these fixes were shared with OEM partners in January.
"We were aware of these vulnerabilities and exploitation risk prior to these reports and promptly de