{"id":300366,"date":"2025-04-09T02:07:14","date_gmt":"2025-04-09T09:07:14","guid":{"rendered":"https:\/\/sftarticles.wpenginepowered.com\/en\/?p=300366"},"modified":"2025-07-01T14:55:53","modified_gmt":"2025-07-01T21:55:53","slug":"google-just-patched-two-zero-day-vulnerabilities-theyre-arriving-too-late","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/google-just-patched-two-zero-day-vulnerabilities-theyre-arriving-too-late\/","title":{"rendered":"Google just patched two zero-day vulnerabilities: they\u2019re arriving too late"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Security updates are crucial to keep our smartphones protected, but on Android, the timing can be dangerously inconsistent.&nbsp;<strong>Google has just addressed two serious zero-day vulnerabilities<\/strong>, but unless you own a Pixel, you might be waiting weeks\u2014or even months\u2014before the fix reaches your device.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Critical flaws affect Android devices<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In April\u2019s Android security bulletin,&nbsp;<strong>Google patched 62 vulnerabilities<\/strong>, including two zero-day flaws classified as critical. One of them,&nbsp;<strong>CVE-2024-53197<\/strong>, exploited a USB audio driver to gain elevated privileges. It was already used in real-world attacks, including by Cellebrite and Serbian authorities to access seized devices. The other flaw,&nbsp;<strong>CVE-2024-53150<\/strong>, allowed local attackers to read confidential data without user interaction.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Google says the fixes were shared with manufacturers in January<\/strong>, but that doesn\u2019t mean users are protected. Android\u2019s fragmented update system means each brand must implement and deploy these patches independently, often resulting in significant delays.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Most users will have to wait<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Google Pixel phones are the first to receive these updates, but&nbsp;<strong>devices from other brands, like Samsung or Xiaomi, depend on the manufacturer\u2019s schedule<\/strong>. While Samsung is generally quick to react, others might take much longer, leaving millions of phones vulnerable.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Unlike app updates through Google Play,&nbsp;<strong>security patches require a full firmware update<\/strong>, which complicates and delays the rollout. Until the update arrives, users should avoid installing apps from unknown sources and remain cautious when connecting external devices.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In a mobile landscape where threats evolve quickly,&nbsp;<strong>waiting weeks for a critical fix is a serious problem<\/strong>. Google has taken a step forward, but Android\u2019s update model remains a step behind.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security updates are crucial to keep our smartphones protected, but on Android, the timing can be dangerously inconsistent.&nbsp;Google has just addressed two serious zero-day vulnerabilities, but unless you own a Pixel, you might be waiting weeks\u2014or even months\u2014before the fix reaches your device. Critical flaws affect Android devices In April\u2019s Android security bulletin,&nbsp;Google patched 62 &hellip; <a href=\"https:\/\/cms-articles.softonic.io\/en\/google-just-patched-two-zero-day-vulnerabilities-theyre-arriving-too-late\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Google just patched two zero-day vulnerabilities: they\u2019re arriving too late&#8221;<\/span><\/a><\/p>\n","protected":false},"author":9317,"featured_media":300368,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015],"tags":[],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-300366","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/300366","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9317"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=300366"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/300366\/revisions"}],"predecessor-version":[{"id":308018,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/300366\/revisions\/308018"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/300368"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=300366"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=300366"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=300366"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=300366"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=300366"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=300366"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}