Google has recently rolled out important security updates to fix two major vulnerabilities in Android devices that had been actively exploited by hackers. These flaws posed a significant risk, potentially giving attackers unauthorized access to millions of Android phones, which understandably raised concerns about user security. According to a security bulletin published on April 7, 2025, Google stated that the vulnerabilities were "under limited, targeted exploitation," meaning that hackers were already using them to compromise Android systems.
One of these vulnerabilities is particularly concerning because it's a zero-click exploit. What makes zero-click attacks so dangerous is that they don’t require any action from the user—there’s no need to open a malicious email or click on a suspicious link. Malicious software can be sent directly to the device without any interaction, making these attacks harder to spot and defend against.
The second vulnerability, also a zero-day flaw, was found in the Android operating system's kernel, the core that controls how the device operates. If exploited, this flaw could have given attackers full control of affected devices, making it even more dangerous.
These security issues were first discovered by Amnesty International, working alongside Google's Threat Analysis Group (TAG). The first vulnerability, known as "CVE-2024-53150," was flagged by Amnesty, while the second, "CVE-2024-53197," was identified by Google's own team, which focuses on detecting cyberattacks linked to state-backed groups.
This highlights the growing sophistication of cyber threats targeting Android users. What's particularly notable about these vulnerabilities is that they come on the heels of a report by Amnesty International, which accused Israeli forensic software vendor Cellebrite of exploiting similar zero-day flaws to hack into Android phones. Cellebrite’s tools are used by law enforcement agencies to unlock and examine phones in criminal investigations, but this raises concerns about how these vulnerabilities might be used for surveillance.
In response to these security risks, Google acted quickly, releasing patches to address the flaws and promising that updates to the source code would be available within 48 hours through the Android Open Source Project (AOSP). This is a crucial step in ensuring that device manufacturers and developers can implement the fixes across their platforms. Google’s practice of notifying Android partners about security issues a month before publicly releasing bulletins also ensures that the fixes are rolled out in a timely manner.
While these patches are now available, the exploitation of these vulnerabilities serves as a stark reminder of the ever-evolving nature of cyber threats. It’s a call for Android users to stay vigilant and keep their devices updated to protect themselves against these and future attacks.
Hackers Exploit Android Flaws; Google Releases Fix For Two Major Security Issues

Hackers target Android flaws; Google issues security fix.