Google fixes two actively exploited zero-day vulnerabilities in Android


Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.

The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.

Read more…
Source: Malwarebytes Labs


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • China’s state security authorities warn of foreign spies hunting military info on messaging app

    June 23, 2024

    China’s Ministry of State Security on Saturday posted a short film calling on the public to enhance national security awareness, as the film describes a case of espionage in which a military enthusiast was deceived by a foreign spy disguised as a pretty girl on instant messaging app into giving up sensitive military information. Adapted from ...

  • Was T-Mobile compromised by a zero-day in Jira?

    June 21, 2024

    A moderator of the notorious data breach trading platform BreachForums is offering data for sale they claim comes from a data breach at T-Mobile. The moderator, going by the name of IntelBroker, describes the data as containing source code, SQL files, images, Terraform data, t-mobile.com certifications, and “Siloprograms.” To prove they had the data, IntelBroker posted ...

  • Japan’s space agency was hit by multiple cyberattacks, but officials say no sensitive data was taken

    June 21, 2024

    Japan’s space agency has suffered a series of cyberattacks since last year, but sensitive information related to rockets and satellites was not affected and it is continuing to investigate and take preventive measures, officials said Friday. Chief Cabinet Secretary Yoshimasa Hayashi acknowledged that the Japan Aerospace Exploration Agency, or JAXA, has had “a number of” cyberattacks ...

  • Stolen test data and NHS numbers published by Qilin hackers

    June 21, 2024

    A gang of cyber criminals causing huge disruption to multiple London hospitals has published sensitive patient data stolen from an NHS blood testing company. Overnight on Thursday, Qilin shared almost 400GB of the private information on their darknet site. The gang has been trying to extort money from NHS provider Synnovis since they hacked the firm ...

  • Sustained Campaign Using Chinese Espionage Tools Targets Telcos

    June 20, 2024

    Attackers using tools associated with Chinese espionage groups have breached multiple telecom operators in a single Asian country in a long-running espionage campaign. The attackers placed backdoors on the networks of targeted companies and also attempted to steal credentials. The attacks have been underway since at least 2021, with evidence to suggest that some of this ...

  • Car Dealerships Across US Halt Services After Cyberattack

    June 20, 2024

    Thousands of car dealerships were ground to a halt during a normally busy holiday Wednesday by a cyber incident at CDK Global, a major software provider for dealers across the US. The company “shut all systems down and executed extensive testing and consulted with external third-party experts,” Tony Macrito, a CDK spokesman, said in an email. ...