Android Patchday: Attackers Exploit Gaps In The Usb Audio Driver

Owners of Android smartphones and tablets that are still nether support should guarantee that nan latest information updates are installed. Attackers are presently exploiting 2 vulnerabilities.

Patch now!

In a informing message, nan developers constitute astir targeted attacks connected a constricted scale. The 2 vulnerabilities (CVE-2024-53150, consequence “high” and CVE-2024-53197, besides consequence “high”) impact nan Advanced Linux Sound Architecture (ALSA). Specifically, USB audio is affected. At this point, attackers tin usage typical inputs successful nan driver to trigger representation errors. This usually leads to crashes (DoS) aliases malicious codification tin moreover beryllium executed connected nan systems.

There is presently nary further accusation connected nan process and effects of nan attacks. Google assures that it has equipped devices pinch nan 2025-04-01 and 2025-04-05 patch levels of nan Android operating systems against these attacks.

Android: Further dangers

The developers person besides closed “critical” gaps (CVE-2025-22429, CVE-2025-26416, CVE-2025-22423) successful nan model and strategy successful Android 13, 14 and 15. At these points, attackers tin summation unauthorized entree to accusation successful unspecified ways aliases get higher personification authorities successful nan system.

Otherwise, DoS attacks are still imaginable pinch attacks connected immoderate vulnerabilities. The programmers person besides closed information gaps successful components from nan systems-on-a-chip (SoC) manufacturers Arm, Imagination Technologies, MediaTek and Qualcomm. The WLAN module is 1 of nan components affected.

As portion of nan patchday, Google besides points retired important changes to nan Android Open-Source Project (AOSP) for developers: since nan extremity of March this year, developers should usage android-latest-release alternatively of aosp-main.

(des)