Google’s April 2025 Android Security Bulletin reveals the discovery and patching of several critical vulnerabilities, including two zero-day flaws—CVE-2024-53150 and CVE-2024-53197—that are actively being exploited in targeted attacks. This marks the third month in a row where emergency patches were required, underscoring the persistent security risks within the Android ecosystem. These vulnerabilities affect a wide range of devices running Android 12 through 15, particularly those that haven't received timely updates. Google's continuous patch cycle highlights the importance of prompt security maintenance across the Android supply chain.

CVE-2024-53150 is an out-of-bounds read vulnerability (CWE-125) in the Linux kernel’s ALSA USB-audio driver. It arises due to improper validation of the bLength parameter when processing clock descriptors. This flaw can expose sensitive kernel memory, potentially leading to information disclosure. It affects multiple kernel versions including 5.4.287 through 6.12.2+, (High). While the exploit requires local access, it does not need user interaction, making it a serious risk for compromised or physically accessed devices.

The second vulnerability, CVE-2024-53197, also impacts the ALSA USB-audio driver but targets Extigy and Mbox configurations. It involves a memory allocation mismatch caused by a malicious USB device presenting an invalid bNumConfigurations value. This can lead to out-of-bounds memory access in the usb_destroy_configuration function, potentially resulting in privilege escalation or system crashes. It requires physical access, which is a common attack vector in forensic or surveillance scenarios. Researchers from GrapheneOS have highlighted that conventional device locks may not prevent these attacks, suggesting possible use by spyware vendors like Cellebrite.

In response, Google has released patches for Pixel devices and confirmed that source code updates will be published to the Android Open Source Project (AOSP) within 48 hours. Samsung has also addressed over 60 vulnerabilities in its April 2025 update, showing faster response than in past incidents. The critical fixes are part of the 2025-04-05 patch level, while a preliminary 2025-04-01 patch addresses general issues. Users are urged to update their devices immediately to the latest security patch to mitigate risk. With a 50% increase in zero-day exploits observed in 2023, many linked to espionage and financially motivated actors, the importance of timely patching and strong security posture cannot be overstated.