Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Log4j flaw attack levels remain high, Microsoft warns
January 4, 2022
Microsoft has warned Windows and Azure customers to remain vigilant after observing state-sponsored and cyber-criminal attackers probing systems for the Log4j ‘Log4Shell’ flaw through December. Disclosed by the Apache Software Foundation on December 9, Log4Shell will likely take years to remediate because of how widely the error-logging software component is used in applications and services. Microsoft warns ...
- A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain
January 3, 2022
Supply chain networks are frequent targets for cybercrime, as controlling a weak link in the supply chain can grant cybercriminals access to more victims – especially when the weak link is the source of the supply chain. Recently, we found a supply chain attack leveraging a cloud video platform to distribute skimmer (aka formjacking) campaigns. ...
- Data breach: Broward Health warns 1.3 million patients, staff of ‘medical identity theft’
January 3, 2022
This weekend, the Broward Health hospital system notified more than 1.3 million patients and staff members that their personal information was involved in a data breach that started on October 15. In a statement on Saturday, the Florida hospital system said that in addition to names, addresses and phone numbers, Social Security numbers, bank account information ...
- Israel’s Jerusalem Post website hacked on Soleimani assassination anniversary
January 3, 2022
Israel’s Jerusalem Post newspaper said on Monday its website had been hacked, in what it said was an apparent threat to the country. Instead of displaying a main news page, the website showed an illustration that appeared to recall top Iranian general Qassem Soleimani, who was assassinated in a U.S. drone strike in Iraq on this ...
- Cyber attack on UK’s Defence Academy had ‘significant’ impact, officer in charge at the time reveals
January 2, 2022
A cyber attack – possibly by China or Russia – hit the academic arm of the UK’s Ministry of Defence and had a “significant” impact, the officer in charge at the time has revealed. Air Marshal Edward Stringer, who retired from the armed forces in August, said the “sophisticated” hack – discovered last March – prompted ...
- Firmware attack can drop persistent malware in hidden SSD area
December 30, 2021
Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location that’s beyond the reach of the user and security solutions. The attack models are for drives with flex capacity features and target a hidden area on the device called over-provisioning, which is widely used by ...