Google Patches Critical Android Zero-Day Flaws

Google has released an Android update that fixes two zero-day flaws that hackers have exploited in the wild. The two vulnerabilities, CVE-2024-53197 and CVE-2024-53150, were identified by Amnesty International and Google’s Threat Analysis Group.

One of the patched vulnerabilities was found to be used by local authorities against a Serbian student activist who was being targeted with Cellebrite, a device company that sells phones to law enforcement. Amnesty discovered that Cellebrite was exploiting multiple zero-day vulnerabilities in Android to hack into phones.

The second vulnerability’s discovery is attributed to Google’s Benoît Sevens, and the flaw was found in the kernel, the core of an operating system. However, no further information is available on this vulnerability at this time.

Google’s advisory states that one of the most severe vulnerabilities could lead to remote escalation of privilege with minimal user interaction required for exploitation. The company plans to push source code patches for the two fixed zero-days within 48 hours and will notify Android partners a month before publication.

Source: https://techcrunch.com/2025/04/08/google-fixes-two-android-zero-day-bugs-actively-exploited-by-hackers