This marks the third consecutive month that Google has issued emergency patches for actively exploited vulnerabilities, highlighting the ongoing security challenges facing the Android ecosystem. When exploited, this out-of-bounds read vulnerability (CWE-125) could potentially expose sensitive kernel memory contents, compromising system security.

The patches have been released in two security patch levels (2025-04-01 and 2025-04-05), with the latter containing the fixes for the actively exploited vulnerabilities. These vulnerabilities impact devices across multiple Android versions, from Android 12 through 15, with particular concern for devices that haven’t received timely security updates. Samsung’s April 2025 security update addresses over 60 vulnerabilities in total, including these critical kernel flaws.

Security researchers from GrapheneOS have noted that conventional device locks, including passwords, fingerprints, and facial recognition, may not fully protect against exploitation of these flaws. Users are strongly advised to update their devices immediately to security patch level 2025-04-05 or later to mitigate these serious security risks.

Notably, Google’s Threat Analysis Group previously reported a 50% increase in zero-day exploits observed in 2023 compared to 2022, with 48 vulnerabilities attributed to espionage actors and 49 to financially motivated hackers.

The second actively exploited vulnerability, CVE-2024-53197, also affects the Linux kernel’s ALSA USB audio driver, specifically impacting Extigy and Mbox device configurations.

Kaaviya is a Security Editor and fellow reporter with Cyber Security News, covering various cyber security incidents.
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 08 Apr 2025 10:30:09 +0000