Google has issued its April security update, addressing 62 vulnerabilities affecting Android devices. The update includes two actively exploited flaws, CVE-2024-53197 and CVE-2024-53150, which allow attackers to obtain sensitive data and may be under limited targeted exploitation.
The Linux kernel’s USB audio driver is affected by both high-severity vulnerabilities, with the most severe exploit carrying a CVSS score of 7.1. Google attributed one vulnerability to an Israel-based digital forensics company, Cellebrite, in conjunction with Serbian security services.
Google’s update also addresses 12 high-severity flaws and one critical flaw affecting the Android system, as well as 13 high-severity vulnerabilities affecting the Android framework. The update contains two patch levels: 2025-04-01 and 2025-04-05.
Android device manufacturers will receive security patches on a slower timeline, with Google Pixel users getting updates automatically. The source code patches for all 62 vulnerabilities will be released to the Android Open Source Project repository by Wednesday, allowing developers to address the issues.
Source: https://cyberscoop.com/android-security-update-april-2025