Summary: Google has patched 43 vulnerabilities in Android’s March 2025 security update, including two critical zero-days exploited in targeted attacks. Serbian authorities used one of the zero-days, a vulnerability in the Linux kernel’s Human Interface Devices driver, to unlock confiscated devices as part of an exploit chain identified by Amnesty International. The updates also address several vulnerabilities allowing remote code execution on vulnerable devices.
Affected: Android devices
Keypoints :
- Google released security patches for 43 Android vulnerabilities in March 2025, including two actively exploited zero-days.
- Serbian authorities exploited a zero-day vulnerability to unlock devices in targeted operations, utilizing a method developed by Cellebrite.
- Android security updates also address remote code execution vulnerabilities and include two sets of patches for various device configurations.