Google fixes two actively exploited zero-day vulnerabilities in Android


Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.

The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.

Read more…
Source: Malwarebytes Labs


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Excel File Deploys Cobalt Strike at Ukraine

    June 3, 2024

    FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file. The attacker uses a multi-stage malware strategy to deliver the notorious “Cobalt Strike” payload and establish communication with a command and control (C2) server. This attack employs various evasion techniques to ensure successful ...

  • UK: The Princess of Wales’s hospital data breach not referred to police due to suspected ‘decoy’ plan

    June 3, 2024

    The Princess of Wales’s hospital data breach has not been referred to police as an expert explains that a “decoy” plan could have been in use – meaning her actual medical files were not accessed by the perpetrators. Despite Health Minister Maria Caulfield revealing back in March that the police had been asked to look into ...

  • Inside The Box: Malware’s New Playground

    June 3, 2024

    Over the past few months, we have been monitoring the increasing abuse of BoxedApp products in the wild. BoxedApp products are commercial packers that provide advanced features such as Virtual Storage (Virtual File System, Virtual Registry), Virtual Processes, and a universal instrumentation system (WIN/NT API hooking). Even though BoxedApp has been commercially available for a while, ...

  • Ticketmaster confirms customer data breach

    June 1, 2024

    Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. In a filing with the SEC, Live Nation said on May 20th it identified “unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary)” and launched an investigation. ...

  • Santander data breach: 30m account and credit card details up for sale on dark web

    June 1, 2024

    According to reports, Santander customer and staff data has been put up for sale on the dark web. The details relate to the data leak reported earlier in May. Data leaked included HR details for staff, 30m customers’ bank account details, and 28m credit card numbers. The bank, which is the eurozone’s second-largest lender, has around ...

  • BBC cyber attack exposes details of 25,000 current and former staff

    May 30, 2024

    The personal data of more than 25,000 former and current BBC employees has been exposed in a major cyber attack targeting the broadcaster’s pension scheme. Information including names, addresses and National Insurance numbers was compromised after files containing personal details were stolen from a cloud data storage service earlier this month. It is not yet known who ...