Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin.
When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published. The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days.
The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you, but you can also check for them yourself.
For most phones it works like this: Under About phone or About device you can tap on Software updates to check if there are new updates available for your device, although there may be slight differences based on the brand, type, and Android version of your device.
If your Android phone shows patch level 2025-04-05 or later then you can consider the issues as fixed. The difference with patch level 2025-04-01 is that the higher level provides all the fixes from the first batch and security patches for closed-source third-party and kernel subcomponents, which may not necessarily apply to all Android devices.
Keeping your device as up to date as possible protects you from known vulnerabilities and helps you to stay safe.
Technical details
The zero-days are both located in the kernel:
CVE-2024-53150: an out-of-bounds flaw in the USB sub-component of the Linux Kernel that could result in information disclosure. Local attackers can exploit this flaw to access sensitive information on vulnerable devices without user interaction.
The out of bounds vulnerability was caused by the USB-audio driver code which failed to check the length of each descriptor before passing it on. There are currently no details on how CVE-2024-53150 has been exploited in real-world attacks, by whom, and who may have been targeted in those attacks.
CVE-2024-53197: a privilege escalation flaw in the USB audio sub-component of the Linux Kernel. Again, no user interaction is required.
This vulnerability is the missing link to CVE-2024-50302 and CVE-2024-53104 which put together were reportedly exploited in Serbia by law enforcement using Cellebrite forensic tools to unlock a student activist’s device and attempt spyware installation.
We don’t just report on phone security—we provide it
Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.