Google fixes two actively exploited zero-day vulnerabilities in Android


Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.

The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.

Read more…
Source: Malwarebytes Labs


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Federal Reserve “breached” data may actually belong to Evolve Bank

    June 26, 2024

    A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. On LockBit’s dark web leak site, the group threatened to release over 30 TB of banking information containing Americans’ banking data if a ransom wasn’t paid by June 25. ...

  • Ransomware disrupts South Africa’s national health lab

    June 26, 2024

    South Africa’s response to an ongoing Mpox outbreak is being stymied by a ransomware attack against its National Health Laboratory Service, which resulted in the deletion of backup servers and other parts of its system, hindering lab result dissemination since Saturday. While no patient information was noted to be impacted by the compromise, such an attack ...

  • New SnailLoad side-channel attack detailed

    June 25, 2024

    SecurityWeek reports that website and content inferencing could be remotely conducted by threat actors without direct network traffic access via the new SnailLoad side-channel attack technique. Several latency measurements for websites and YouTube videos viewed by targets are being conducted by threat actors to establish digital fingerprints before luring targets to download files from a malicious ...

  • LockBit hackers claim to have cracked the US Federal Reserve

    June 25, 2024

    The LockBit cybercrime gang has claimed to have stolen an enormous database from the US Federal Reserve, which includes sensitive banking information about American citizens – but the claim is being met with suspicion. Earlier this week, the infamous ransomware operator added the Fed on its data leak site, saying it had acquired an archive containing ...

  • UK and US cops band together to tackle Qilin’s ransomware shakedowns

    June 25, 2024

    UK and US cops have reportedly joined forces to find and fight Qilin, the ransomware gang wreaking havoc on the global healthcare industry. In early June, the notorious Russia-based crew attacked Synnovis, which provides pathology services to National Health Service’s London hospitals. The digital intrusion has led to the cancellation or postponement of surgeries for thousands ...

  • Indonesian government says national data center was hit in ransomware attack – but it won’t pay up

    June 25, 2024

    The government of Indonesia has suffered a ransomware attack that crippled many of its organizations and caused quite a nuisance for its citizens – but says it won’t be held to ransom. Government officials confirmed its National Data Center (PDN) was struck on June 20, with the attack apparently organized by an affiliate of LockBit, with ...