Google fixes two Android zero-day bugs actively exploited by hackers

Tech Crunch - Apr 8th, 2025

Google has released an urgent update for Android, addressing two zero-day vulnerabilities potentially exploited by hackers. The first, CVE-2024-53197, was discovered by Amnesty International and Benoît Sevens of Google’s Threat Analysis Group, highlighting a significant security flaw that allowed for remote escalation of privilege without user interaction. This vulnerability was notably used against a Serbian student activist by local authorities leveraging Cellebrite's tools. The second flaw, CVE-2024-53150, was found in the kernel, with its details less publicly disclosed. Google plans to distribute the patches within 48 hours, ensuring phone manufacturers can update their devices, emphasizing the collaborative nature and urgency in addressing these security threats.

This development underscores the ongoing battle against cyber threats targeting Android devices, particularly those involving government-backed operations. The discovery by Amnesty International and Google's team highlights the critical role of organizations in identifying and mitigating such threats. The incident raises concerns about the use of commercial hacking tools by authorities and the broader implications for digital privacy and security. With Android's open-source model, the responsibility now lies with phone manufacturers to ensure timely updates, illustrating the complexities and challenges in securing a widely used platform against sophisticated cyberattacks.

Amnesty International Google Cybersecurity Android Zero Day Vulnerabilities Hackers Cve 2024 53197 Benoît Sevens Cellebrite Serbian Student Activist

Story submitted by Fairstory

RATING

6.8

Fair Story

Consider it well-founded

The article provides a timely and informative overview of Google's recent update to address zero-day vulnerabilities in Android devices. It accurately reports on the key facts and offers a clear explanation of the technical issues involved. However, the story could benefit from a more balanced perspective by including viewpoints from affected users or cybersecurity experts. The reliance on a limited number of sources slightly affects the overall source quality, and the lack of detailed information on the second vulnerability leaves some questions unanswered. Despite these limitations, the article effectively highlights the public interest and urgency of updating devices to protect against potential exploitation, contributing to its impact and relevance. Enhancing engagement through more diverse perspectives and exploring controversial aspects could further strengthen the article's overall quality.

Accuracy

The news story generally maintains factual accuracy in its reporting of Google's Android update and the related vulnerabilities. It correctly identifies the release of an update to fix two zero-day vulnerabilities, which aligns with known security practices and Google's protocol for addressing such issues. The story accurately mentions the involvement of Amnesty International and Google's Threat Analysis Group in identifying one of the vulnerabilities, which is a critical detail corroborated by various sources. However, the story lacks specific details about the second vulnerability, CVE-2024-53150, which is noted as requiring further verification. Additionally, while it mentions Cellebrite's involvement in exploiting these vulnerabilities, the story would benefit from more detailed evidence or confirmation from independent sources to strengthen this claim.

Balance

The article predominantly focuses on Google's actions and the technical aspects of the vulnerabilities, providing a detailed account of the update process and the potential risks involved. However, it does not offer much perspective from other stakeholders, such as Android device manufacturers or users who might be affected by these vulnerabilities. The lack of commentary from these groups suggests a slight imbalance, as the narrative is heavily skewed towards the technical and organizational response from Google. Including viewpoints from cybersecurity experts or affected users could have provided a more rounded perspective on the implications of these vulnerabilities.

Clarity

The article is well-structured and uses clear language to convey complex technical information about the vulnerabilities and Google's response. It effectively breaks down the technical jargon, making it accessible to a general audience. The logical flow from the identification of vulnerabilities to the update process is coherent, and the use of specific examples, such as the involvement of Cellebrite, helps to illustrate the real-world implications of these vulnerabilities. However, the article could benefit from a more detailed explanation of the technical aspects of the second vulnerability, which remains somewhat vague.

Source quality

The article cites credible sources such as Google and Amnesty International, both of which are reliable authorities in technology and human rights, respectively. The involvement of Google's Threat Analysis Group adds credibility, given their expertise in handling government-backed cyberattacks. However, the story could improve by including direct quotes or statements from these organizations to enhance the legitimacy of the claims. The absence of additional independent sources or expert opinions slightly diminishes the overall source quality, as it relies heavily on the initial report without external verification.

Transparency

The article provides a reasonable amount of context regarding the vulnerabilities and Google's response. It explains the nature of zero-day vulnerabilities and the potential risks involved. However, the story lacks transparency in terms of the methodology used to identify these vulnerabilities and the specific processes involved in Google's update. Additionally, there is no disclosure of any potential conflicts of interest that might affect the reporting. More detailed information about the investigation process by Amnesty International and Google's Threat Analysis Group could enhance transparency.