Significant Android Zero-Day Security Flaws That Hackers Exploit Are Fixed by Google

Google's most recent security update, which started to be distributed to users on Monday, addresses two zero-day security vulnerabilities that affect Android devices. The business claims to be aware of the potential for users to be targeted by exploiting these two high-severity vulnerabilities. A zero-click exploit that gives hackers access to private data on a user's device without any user involvement is made possible by one of the vulnerabilities. While other smartphone users will have to wait until their smartphone manufacturer releases these upgrades, Pixel users should update their smartphones to ensure they get the most recent security patches.

Google Fixes 62 Vulnerabilities Affecting Android Devices

The latest Android security update began rolling out to eligible devices on Monday, along with fixes for two flaws identified as CVE-2024-53150 and CVE-2024-53197, two flaws in the USB subcomponent o f the Android Kernel. The latter could allow hackers to remotely gain elevated privileges on an affected smartphone, and the exploit did not need user interaction, according to Google.

The CVE-2024-53197 was used in conjunction with two other vulnerabilities that were previously patched — CVE-2024-53104 and CVE-2024-50302 — to access an Android smartphone used by a Serbian activist, according to a report. Users with updated smartphones should be protected against such an exploit.

There's no word from Google on how the CVE-2024-53150 vulnerability was used to target users. The description of the security flaw on the NIST database reveals that an out-of-bounds flaw discovered in the USB subcomponent of the Android Kernel could result in sensitive information disclosure.

Meanwhile, Google's Android security bulletin for April also reveals that 60 other security vulnerabilities with varying severity ratings have been patched with the latest update. These include a handful of high-severity flaws that allowed hackers to gain elevated privileges on an unpatched smartphone.

Google Pixel users can download the latest Android update to their smartphone, which should bring the security patch to 05-04-2024. Other smartphone users will have to wait for a few weeks (or months in some cases) for the relevant security updates to reach their handsets in the form of a security update. Regardless, users should install the latest security patches as soon as they are available in order to remain protected against the two critical vulnerabilities patched by Google.