Google’s April 2025 Android Update: Zero-Day Drama and Serbian Shenanigans!
Google’s April 2025 security update patches 62 Android vulnerabilities, including zero-days exploited by Serbian authorities with Cellebrite’s help. The star of the show is a privilege-escalation flaw in the USB-audio driver. Meanwhile, Pixel users get the VIP treatment with immediate updates, leaving other Android devices to wait in line.
Hot Take:
Google’s latest security update is like an Easter egg hunt for hackers, except the eggs are zero-days, and the basket is the Android ecosystem. While Serbian authorities may have thought they hit the jackpot with their exploit chain, Google was quick to rain on their parade with a patch party. Remember, folks, not all Easter eggs are meant to be found!
Key Points:
- Google released patches for 62 Android vulnerabilities, including two zero-days.
- The first zero-day is a high-severity privilege escalation in the Linux kernel’s USB-audio driver.
- The second zero-day allows for information disclosure due to an out-of-bounds read.
- Amnesty International discovered the exploit chain used by Serbian authorities.
- Google’s updates are immediately available for Pixel devices, but other Android devices may experience delays.
Already a member? Log in here