Google has fixed two zero-day security flaws affecting Android devices, with the latest security update that began rolling out to users on Monday. The company says it is aware of the possibility of these two high-severity vulnerabilities being exploited to target users. One of the flaws enables a zero-click exploit that provides hackers with access to sensitive information on a user's device, without requiring any user interaction. Users should update their Pixel devices to make sure that they have the latest security patches, while other smartphone users will have to wait until their smartphone maker rolls out these fixes.

Google Fixes 62 Vulnerabilities Affecting Android Devices

The latest Android security update began rolling out to eligible devices on Monday, along with fixes for two flaws identified as CVE-2024-53150 and CVE-2024-53197, two flaws in the USB subcomponent o f the Android Kernel. The latter could allow hackers to remotely gain elevated privileges on an affected smartphone, and the exploit did not need user interaction, according to Google.

The CVE-2024-53197 was used in conjunction with two other vulnerabilities that were previously patched — CVE-2024-53104 and CVE-2024-50302 — to access an Android smartphone used by a Serbian activist, according to a report. Users with updated smartphones should be protected against such an exploit.

There's no word from Google on how the CVE-2024-53150 vulnerability was used to target users. The description of the security flaw on the NIST database reveals that an out-of-bounds flaw discovered in the USB subcomponent of the Android Kernel could result in sensitive information disclosure.

Meanwhile, Google's Android security bulletin for April also reveals that 60 other security vulnerabilities with varying severity ratings have been patched with the latest update. These include a handful of high-severity flaws that allowed hackers to gain elevated privileges on an unpatched smartphone.

Google Pixel users can download the latest Android update to their smartphone, which should bring the security patch to 05-04-2024. Other smartphone users will have to wait for a few weeks (or months in some cases) for the relevant security updates to reach their handsets in the form of a security update. Regardless, users should install the latest security patches as soon as they are available in order to remain protected against the two critical vulnerabilities patched by Google.