Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild.
The two high-severity vulnerabilities are listed below:
- CVE-2024-53150 (CVSS score: 7.8) - An out-of-bounds flaw in the USB sub-component of the Kernel that could lead to information disclosure
- CVE-2024-53197 (CVSS score: 7.8) - A privilege escalation flaw in the USB sub-component of the Kernel
"The most severe of these issues is a critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed," Google said in its monthly security bulletin for April 2025. "User interaction is not needed for exploitation."
The tech giant also acknowledged that both of the shortcomings may have come under "limited, targeted exploitation."
It is worth noting that CVE-2024-53197 is rooted in the Linux kernel and was patched last year, alongside CVE-2024-53104 and CVE-2024-50302. All three vulnerabilities, per Amnesty International, are said to have been chained together to break into a Serbian youth activist's Android phone in December 2024.
While CVE-2024-53104 was addressed by Google in February 2025, CVE-2024-50302 was remediated last month. With the latest update, all three vulnerabilities have been fixed, effectively closing the exploit chain.
There are currently no details on how CVE-2024-53150 has been exploited in real-world attacks, by whom, or who may have been targeted in these attacks. Users of Android devices are advised to apply the updates as and when Android original equipment manufacturers (OEMs) release them.