
Google has rolled out its April 2025 Android security update, fixing a total of 62 vulnerabilities, including two high-severity flaws that are being actively exploited in the wild.
These two vulnerabilities, both found in the USB sub-component of the Android Linux kernel, have been marked as high severity with a CVSS score of 7.8 each. Google confirmed that these flaws have been seen under “limited, targeted exploitation,” meaning real-world attacks using these bugs have already occurred.
Let’s take a closer look at the two actively exploited Android vulnerabilities:
CVE-2024-53150: This is an out-of-bounds read flaw in the USB part of the kernel. It could allow an attacker to access sensitive information from a device’s memory that they shouldn’t be able to read.
CVE-2024-53197: This is a privilege escalation vulnerability in the same USB kernel component. It could allow attackers to gain elevated permissions on the system, potentially letting them control critical parts of the device.
According to Google’s Android Security Bulletin for April 2025, the most serious vulnerability in this month’s patch set is a critical system bug that could lead to remote privilege escalation—a scenario where attackers can gain control of the device without needing any action from the user and without any extra permissions.
“User interaction is not needed for exploitation,” Google stated in the bulletin.
Exploits Linked to Targeted Spyware Attacks
Interestingly, CVE-2024-53197 is not a new vulnerability. It was already patched in the Linux kernel last year, along with two other related issues:
CVE-2024-53104
CVE-2024-50302
These three vulnerabilities were discovered to be part of a targeted cyberattack chain. According to Amnesty International, they were used together to hack into the Android phone of a youth activist in Serbia in December 2024. The attack involved chaining all three flaws to gain full control of the device.
Google has been gradually fixing these flaws across its security updates. Here’s the timeline:
CVE-2024-53104 was patched in the February 2025 Android update.
CVE-2024-50302 was addressed in the March 2025 update.
Now with the April 2025 patch, CVE-2024-53197 has also been resolved—effectively closing off the entire exploit chain.
This highlights the increasing trend of zero-day vulnerabilities—bugs that are exploited by attackers before developers can release a fix—being used in highly targeted surveillance attacks.
What’s Known About CVE-2024-53150?
At the moment, there is no detailed public information about how CVE-2024-53150 is being exploited, who the threat actors are, or who the specific victims might be. However, Google has classified the exploitation as “limited and targeted,” which often suggests use in espionage or spyware campaigns against specific individuals or groups.

Why These Android Vulnerabilities Matter
Vulnerabilities in Android’s Linux kernel components are especially dangerous because they operate at a low level of the operating system. If exploited successfully, they can bypass key Android security features, including sandboxing, app isolation, and user permission checks.
In practical terms, this means attackers could potentially:
Spy on users by accessing data and communications
Install malicious apps silently
Use the infected device to attack other systems
Disrupt the device’s normal operation
Because these vulnerabilities are already being exploited, they pose a real-world threat to Android users, especially those in sensitive roles like journalists, activists, and government officials.
What Android Users Should Do
Google provides security patches to Android device manufacturers (OEMs), who then release them to users. Depending on your phone’s brand and model, the update may take some time to reach your device.
Here’s what users can do to stay protected:
Check for updates regularly – Go to Settings > System > Software Update and install the latest security patches as soon as they become available.
Avoid sideloading apps – Install apps only from the official Google Play Store.
Use a mobile security app – Trusted antivirus tools can help detect suspicious behavior.
Enable Google Play Protect – This scans apps in real time for harmful behavior.
Stay informed – Follow Android security bulletins and news to know about new threats.
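For anyone managing more than one device, the fix timeline and the update advice above can be turned into a check. This added example (not code from Google or from this article's sources) compares each device's declared security patch level, the string shown in Settings or returned by `getprop ro.build.version.security_patch`, with the month each CVE was fixed. The `-05` day of month, the device names and the inventory format are assumptions.

```python
import re
from datetime import date

# Fix months come from the article. The "-05" day is an ASSUMPTION: bulletins
# publish two levels per month and kernel fixes normally sit in the later one.
TRACKED_FIXES = {
    "CVE-2024-53104": date(2025, 2, 5),
    "CVE-2024-50302": date(2025, 3, 5),
    "CVE-2024-53197": date(2025, 4, 5),
    "CVE-2024-53150": date(2025, 4, 5),
}
PATCH_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")

def parse_patch_level(value):
    """Return a date for a 'YYYY-MM-DD' patch level, or None if malformed."""
    m = PATCH_RE.match(value.strip())
    try:
        return date(*map(int, m.groups())) if m else None
    except ValueError:  # well-formed but impossible, e.g. 2025-13-40
        return None

def unpatched(patch_level):
    """CVEs fixed after the declared level; None means 'review by hand'."""
    level = parse_patch_level(patch_level)
    if level is None:
        return None
    return sorted(cve for cve, fixed in TRACKED_FIXES.items() if level < fixed)

def audit(inventory):
    """Map each 'device_id,patch_level' line to its list of missing fixes."""
    report = {}
    for line in inventory.strip().splitlines():
        device, _, level = line.partition(",")
        report[device.strip()] = unpatched(level)
    return report

# Constructed sample inventory (hypothetical device names).
SAMPLE = """
pixel-lab-01,2025-04-05
tablet-kiosk-07,2025-03-05
phone-field-12,2025-04-01
legacy-scanner-03,2024-12-01
unknown-09,unknown
"""

if __name__ == "__main__":
    for device, missing in audit(SAMPLE).items():
        print(device, "REVIEW" if missing is None else (missing or "up to date"))
```

A device that reports an unparseable level is flagged for manual review rather than counted as patched, and the patch level is only the manufacturer's declaration, so confirm the exact level for each CVE in the bulletin.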
Conclusion
With two serious Android vulnerabilities already being exploited and tied to past surveillance incidents, the April 2025 security update from Google is critical for user safety. These bugs underline how important it is to regularly patch Android devices, especially as mobile spyware and targeted cyberattacks become more sophisticated.
If you own an Android device, don’t wait—apply the update as soon as it becomes available from your device’s manufacturer. Taking quick action can help protect your data, privacy, and device from serious threats.