Google Patches Critical Android Flaws as Zero-Days Are Actively Exploited

Google has released patches for 62 Android vulnerabilities, including critical flaws that allow attackers to take control of devices without user interaction or special permissions. Two zero-day bugs have already been exploited to unlock phones.

Older, unsupported Android devices are especially at risk.

The most severe vulnerability, found in the System component, allows remote privilege escalation without user input. Google also flagged two actively exploited flaws in the Linux kernel’s ALSA USB audio driver (CVE-2024-53150 and CVE-2024-53197), which allow out-of-bounds reads.

These zero-days were reportedly used by Israeli firm Cellebrite to help Serbian authorities unlock seized Android devices.

Google notified Android partners a month in advance and emphasized that newer Android versions include security improvements. Google Play Protect, enabled by default, helps detect harmful apps.

Users are urged to update to the latest Android version as soon as possible.