Google fixes two actively exploited zero-day vulnerabilities in Android


Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.

The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.

Read more…
Source: Malwarebytes Labs


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • BT spots 2,000 potential attacks on its network a second

    September 12, 2024

    Britain’s BT said it was spotting 2,000 signals of potential cyber-attacks across its network every second, as criminals were increasingly using disposable “bots” to try to evade existing blocking and security measures. The telecoms group said on Thursday that digital surveillance activity by hackers using malicious scanning “bots” was 1,200% higher in July compared to the ...

  • Business Email Compromise: The $55 Billion Scam

    September 11, 2024

    Business Email Compromise/Email Account Compromise (BEC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. The scam is frequently carried out when an individual compromises legitimate business or personal email accounts through social engineering (PSA I-041124-PSA) or computer intrusion to conduct unauthorized transfers of funds. Often times BEC variations involve ...

  • Insights on Cyber Threats Targeting Users and Enterprises in Mexico

    September 10, 2024

    Like many countries across the globe, Mexico faces a cyber threat landscape made up of a complex interplay of global and local threats, with threat actors carrying out attempted intrusions into critical sectors of Mexican society. Mexico also faces threats posed by the worldwide increase in multifaceted extortion, as ransomware and data theft continue to rise. ...

  • Nearly 1M Medicare beneficiaries potentially affected after data breach

    September 10, 2024

    Nearly 1 million Medicare beneficiaries are being warned that their personal information may have been compromised in a cybersecurity incident last year. The Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS), the contractor that utilized the affected MOVEit software, said last week that 946,801 people on Medicare were notified that ...

  • Multiple Vulnerabilities in Veeam Backup & Replication

    September 9, 2024

    On Wednesday, September 4, 2024, backup and recovery software provider Veeam released their September security bulletin disclosing various vulnerabilities in Veeam products. One of the higher-severity vulnerabilities included in the bulletin is CVE-2024-40711, a critical unauthenticated remote code execution issue affecting Veeam’s popular Backup & Replication solution. Notably, upon initial disclosure, the Veeam advisory listed the ...

  • Progress Software Releases Security Advisory for LoadMaster

    September 9, 2024

    Progress has released a security advisory addressing one critical vulnerability affecting all LoadMaster products. CVE-2024-7591 has a CVSSv3 score of 10.0 and could allow an unauthenticated, remote attacker with access to the management interface to issue a carefully crafted HTTP request that will allow execution of arbitrary system commands. Progress LoadMaster is an application delivery controller ...