Android Users Urged to Update Now Amid Active Security Exploits

Heads up, Android users! Google just pushed out a security update addressing a whopping 62 vulnerabilities. What's particularly concerning? Two of these flaws are already being exploited in the wild.

So, what are these actively exploited vulnerabilities?

• CVE-2024-53150 (CVSS score: 7.8): This is an out-of-bounds read issue in the Kernel's USB component. Think of it as a security guard accidentally showing sensitive information.
• CVE-2024-53197 (CVSS score: 7.8): Also in the Kernel's USB component, this one's a privilege escalation flaw. Basically, someone could trick the system into giving them more access than they should have.

According to Google's April 2025 security bulletin, the most critical of these issues could allow an attacker to remotely gain elevated privileges without needing any special permissions. Scary stuff, especially since no user interaction is needed to trigger the exploit!

The tech giant also suspects these vulnerabilities have been used in "limited, targeted exploitation."

Interestingly, CVE-2024-53197 has roots in the Linux kernel and received a patch last year, along with CVE-2024-53104 and CVE-2024-50302. Amnesty International believes these three were chained together to compromise a Serbian youth activist's Android phone back in December 2024.

While CVE-2024-53104 was patched in February 2025 and CVE-2024-50302 was fixed last month, this latest update completes the job, closing off that particular attack route.

As for CVE-2024-53150, details about real-world exploitation remain scarce. We don't know exactly how it's being used, who's behind it, or who the targets are. The bottom line? Android users should install the updates as soon as their device manufacturer (OEM) makes them available.