Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Major Android security update patches a host of actively exploited flaws, so download now

Android Google
Android reboot interface.
  • Google's new advisory details 62 Android security vulnerabilities
  • Some of them are deemed critical, and for some no user interaction is required
  • At least two flaws were being actively abused in the wild

Google has released a major new update for Android addressing more than 60 security vulnerabilities, including two which are being actively exploited in the wild, and a few with a critical severity rating.

In a security advisory published on the Android blog, Google said there are indications two flaws “may be under limited, targeted exploitation”.

The vulnerabilities are tracked as CVE-2024-53150 and CVE-2024-53197 and are now patched.

Targeting protestors

According to Amnesty International, the latter flaw was used in late 2024 to break into a Serbian youth activist’s Android phone, after being chained with two additional flaws.

In Serbia, protests against the government have been raging for months, after an eave on a railway station collapsed, killing 16 people.

The country’s students, leading the protests, demanded the release of all documents related to the renovation of the Novi Sad railway station. They believe that making these documents public will shed light on any corruption or negligence involved in the project. ​

In total, Google fixed 62 flaws. While there is no evidence that the rest are being abused in the wild, there are still a few dangerous ones that warrant fast patching.

“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed,” Google warned.

“User interaction is not needed for exploitation. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.”

In total, there are three flaws that were labeled as critical: CVE-2025-22429, CVE-2025-26416, and CVE-2025-22423.

Via The Hacker News

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Zak Starkey shares epic unreleased studio recording of Guns N' Roses, Ringo Starr and Elton John covering T. Rex's Children Of The Revolution
Starkey's post comes just days after he was fired by The Who
Metal Hammer
Metal Hammer
5 best Michael B. Jordan movies (ranked): where to watch Black Panther and more
WTW’s lead movie writer takes a look at the highlights from Michael B. Jordan’s career to date and ranks his best movies.
WhatToWatch
WhatToWatch
The 5 worst houseplants for beginners – experts reveal the difficult plants to avoid, plus easy alternatives to choose instead
Caring for these houseplants successfully requires a lot of of TLC
Homes & Gardens
Homes & Gardens
Make sure your smartwatch calorie burn is accurate with this scientific calculator
Different smartwatch brands calculate burned calories from workouts very inconsistently. This scientific tool gives you exact data.
Android Central
Android Central
“This Is Why I Don’t Do Potlucks”: 71 Of The Worst Dishes Someone Had The Audacity To Serve (New Pics)
New fear unlocked: other people's kitchens.
Bored Panda
Bored Panda
Jelly Roll 'feels bad' for his wife Bunnie XO because he has this 'annoying' habit
Jelly Roll "feels bad" for his wife because he has an "annoying" habit that he just can't shake.
BANG Premier
BANG Premier
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.
Download on the AppStore Get it on Google Play