Google's Update to Fix Zero-Day Flaws

Google released an important update to fix two security issues in Android devices. These issues, known as zero-day flaws, could be used by hackers to attack Android phones. Google mentioned that these flaws may have been used in real-life attacks or could still be a threat. Users are encouraged to update their devices to protect against these vulnerabilities.

Security Issues Found by Amnesty International and Google

One of the zero-day flaws, CVE-2024-53197, was discovered by Amnesty International in collaboration with Benoît Sevens from Google’s security team. Amnesty reported that Cellebrite, a company that helps law enforcement unlock phones, used a chain of vulnerabilities to hack into Android devices. The flaw fixed on Monday was part of this attack. Local authorities in Serbia used these flaws to target a student activist, demonstrating how real-world hackers might exploit these issues.

Details of the Second Vulnerability

The second flaw, CVE-2024-53150, was also identified by Sevens and is related to a problem in the core system of Android, known as the kernel. Although there isn’t much public information about this vulnerability, its presence highlights the need for users to stay vigilant and ensure their devices are updated with the latest security patches.

How Android’s Security Measures Protect Users

Google’s Android security platform, including Google Play Protect, plays an essential role in protecting devices from security threats. Play Protect helps detect and prevent harmful apps from being installed, reducing the likelihood of successful exploitation. Additionally, newer versions of Android offer stronger security features, so users are encouraged to update their devices to the latest version to stay protected.

Why You Should Update Your Android Device?

If your device is running the April 5, 2025, or later security patch level, the vulnerabilities should already be fixed. Google has notified Android partners about these issues a month in advance, and updates with fixes will be available in the Android Open Source Project (AOSP) within 48 hours. To check your device’s security patch level, follow the instructions provided by Google. By keeping your Android device updated, you ensure that these security issues, including CVE-2024-53150 and CVE-2024-53197, are addressed and your device remains safe from potential attacks.