Google’s April 2025 Android security update fixes a zero-day that was used to target a student activist in Serbia. This critical vulnerability, together with a second zero-day and dozens of other fixes, shows how hard mobile security is and how important timely updates are.
The most serious item in the update is CVE-2024-53197, a critical security flaw in the Linux kernel’s USB-audio driver for ALSA devices that could give an attacker unauthorized elevated privileges. This zero-day was used in a targeted attack against a Serbian student activist, using tools developed by Cellebrite, an Israeli digital forensics company known for its phone data extraction capabilities.
During a mid-2024 audit, Amnesty International’s Security Lab found this exploit together with a chain of previously unknown vulnerabilities that bypassed Android’s built-in security protections. The scale is significant, as the vulnerability affected billions of devices worldwide before today’s update.
CVE-2024-53197: The Most Critical Vulnerability in the Update
This high-severity flaw in the USB subcomponent of the Linux kernel could allow attackers to escalate privileges or access sensitive information without any user interaction. Its exploitation in the wild shows how sophisticated modern threats are and how precisely attacks can be targeted.
CVE-2024-53150: Another Critical Zero-Day
The second zero-day, CVE-2024-53150, is an Android Kernel info disclosure vulnerability due to an out-of-bounds read. Google hasn’t disclosed details on real-world exploitation, but researchers think it might have been part of the same exploit chain as CVE-2024-53197.
This vulnerability could enable attackers with local device access to extract confidential information without any user-initiated actions.
Beyond these zero-days, the April 2025 update patches 62 vulnerabilities across Android components. The patches are split into two levels:
- 2025-04-01 patch level, 28 vulnerabilities in System and Framework components.
- 2025-04-05 patch level, 33 vulnerabilities in Kernel, Qualcomm, MediaTek, and other third-party components.
Google labeled four of these as “Critical”, but there’s no evidence of active exploitation of these specific issues.
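As an added example (not from Google’s bulletin or from the original article), here is a small POSIX shell helper that classifies a device’s reported security patch level against the two April 2025 levels described above; the `check_connected_devices` function assumes `adb` is installed and the devices have already authorised the host.

```shell
# Classify an Android device's security patch level against the two April 2025
# patch levels: 2025-04-01 covers the System and Framework fixes, while
# 2025-04-05 additionally covers the Kernel and vendor (Qualcomm, MediaTek) fixes,
# which is where kernel bugs such as CVE-2024-53197 and CVE-2024-53150 are patched.
# Input: the value of ro.build.version.security_patch, formatted YYYY-MM-DD, as
# printed by `adb shell getprop ro.build.version.security_patch`.
# Prints one of: unpatched | framework-only | complete | invalid
april2025_status() {
    patch="$1"
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 2 ;;
    esac
    # Strip the dashes so YYYYMMDD can be compared as an integer in plain POSIX sh.
    n=$(printf '%s' "$patch" | sed 's/-//g')
    if [ "$n" -lt 20250401 ]; then
        echo unpatched; return 1
    elif [ "$n" -lt 20250405 ]; then
        echo framework-only; return 1
    fi
    echo complete
}

# Query every device adb can see (assumes adb is on PATH and the devices are
# authorised; this is the only part that talks to real hardware).
check_connected_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' | while read -r serial; do
        level=$(adb -s "$serial" shell getprop ro.build.version.security_patch | tr -d '\r')
        printf '%s\t%s\t%s\n' "$serial" "$level" "$(april2025_status "$level")"
    done
}

# Constructed sample values (not from real devices) showing each classification.
demo() {
    for lvl in 2025-03-05 2025-04-01 2025-04-05 2025-05-01 unknown; do
        printf '%s -> %s\n' "$lvl" "$(april2025_status "$lvl")"
    done
}
```

A device reporting 2025-04-01 has the Framework fixes but not the kernel ones, so for this bulletin only 2025-04-05 or later should count as fully patched.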
Pixel-specific updates and fixes
This April 2025 update comes after the final feature drop for Android 15, which was released in March 2025. That update brought Gemini, Gboard and other features. With Android 16 coming in the next quarterly release, the tech community is waiting for the new features and security fixes.
While the interim updates between major Android releases are usually just security patches and not new features, the discovery and patching of these zero-day vulnerabilities show how important these monthly updates are in securing the Android ecosystem.
In addition to the Android security patches, Google has released Pixel-specific updates for:
- Biometrics: Fixed fingerprint recognition and response under certain conditions.
- Camera: Improved zooming in and out.
- Display & graphics: Fixed screen brightness flicker in video streaming apps.
- User interface: The update fixes UI issues, including weather info overlapping on the lock screen and Pixel Launcher issues when setting up new user profiles or switching accounts.
These fixes are for all supported Pixel devices from Pixel 6 to Pixel 9a.
The April 2025 Android update is a reminder of the threats that are always present in the digital world. The exploitation of a zero-day vulnerability to target a student activist shows the real-world impact of these security flaws and how technology can be used for surveillance and oppression.