Google on Monday rolled out the April 2025 security update for Android, which resolves two kernel vulnerabilities already exploited in the wild.
The flaws, tracked as CVE-2024-53150 and CVE-2024-53197, impact the ALSA: usb-audio component and were addressed in the Linux kernel in December 2024.
In its advisory, Google notes that the two security defects “may be under limited, targeted exploitation”, without providing additional information on them.
In February, however, Amnesty International revealed that CVE-2024-53197 had been exploited by Cellebrite’s mobile forensic tools to extract data from the device of a Serbian student activist.
The tool was seen exploiting two additional vulnerabilities, namely CVE-2024-53104 and CVE-2024-50302, which were addressed in Android in February and March, respectively. Exploitation of these types of vulnerabilities requires physical access via USB to a device and enables the extraction of data from locked smartphones.
It is worth noting that there have been no reports of CVE-2024-53150 being exploited in attacks prior to Google’s advisory. However, given that it’s similar to CVE-2024-53197, the flaw is likely part of the same batch of vulnerabilities exploited by Cellebrite, according to the developers of the security- and privacy-focused mobile operating system GrapheneOS.
In addition to these two flaws, Android’s April 2025 update addresses roughly 60 other issues, including three bugs in Project Mainline components.
According to Google, the most severe of these security defects is CVE-2025-26416, an elevation of privilege vulnerability in the System component that impacts Android 13, 14, and 15.
“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation,” the internet giant explains.
The flaw was resolved with Android’s 2025-04-01 security patch level, which fixes 28 bugs, split evenly between the Framework and System components. Two other issues are rated ‘critical severity’.
The second part of this month’s update arrives on devices as the 2025-04-05 security patch level and addresses 31 vulnerabilities in Kernel, Arm, Imagination Technologies, MediaTek, and Qualcomm components.
On Monday, Google announced that no security patches specific to Automotive OS and Wear OS were included in this month’s updates for these operating systems — the updates still include the regular Android patches.
Users are advised to update their devices to a security patch level of 2025-04-05, which includes fixes for all the vulnerabilities in the April 2025 Android security bulletin.
Related: Qualcomm Extends Security Support for Android Devices to 8 Years
Related: First Android Update of 2025 Patches Critical Code Execution Vulnerabilities
Related: Android Zero-Day Exploited in Spyware Campaigns, Amnesty International Points to Cellebrite
Related: Google Open Sources Security Patch Validation Tool for Android