Google has fixed two dangerous zero-day security flaws affecting Android devices. The new security update fixing these flaws has started rolling out to users. The company has said that it fears both these high-severity vulnerabilities are being actively used, which can target users.

One of these flaws enables a zero-click exploit, allowing hackers to obtain sensitive information from the user's device without any user interaction. Pixel device users have been advised to update their device immediately, while other smartphone users will have to wait until the update is released by their smartphone maker to get this fix.

62 security flaws fixed

According to Google, a total of 62 security flaws have been fixed in this Android security update, including two major vulnerabilities CVE-2024-53150 and CVE-2024-53197. Both these flaws are related to the USB subcomponent of the Android Kernel.

The flaw named CVE-2024-53197 allowed hackers to remotely access the smartphone without the user's permission. This flaw was used in combination with two other previously patched vulnerabilities, CVE-2024-53104 and CVE-2024-50302, to target the Android device of a Serbian activist.

The method of exploitation of CVE-2024-53150 is not yet known, but according to the information given in the NIST database, it is an out-of-bounds flaw that can leak sensitive information from the device.

Disclaimer: This content has been sourced and edited from Amar Ujala. While we have made modifications for clarity and presentation, the original content belongs to its respective authors and website. We do not claim ownership of the content.