Serbian Student’s Android Device Compromised via Cellebrite Exploit


# **Android Users Advised to Implement February Security Patch Due to Zero-Day Exploit Worries**

Android users are encouraged to apply Google’s February security patch promptly after it came to light that a zero-day exploit was employed to breach a Serbian student’s phone. The exploit, allegedly marketed by Cellebrite, enabled attackers to circumvent Android lock screens and obtain privileged access to devices.

## **Zero-Day Exploit Targeting Serbian Activist**

Amnesty International recently disclosed that Serbian officials used a zero-day exploit to target a student critical of the government. The exploit, sold by Cellebrite, allowed attackers to bypass the lock screen on fully updated Android devices.

The attack exploited vulnerabilities within Linux kernel USB drivers, which handle USB hardware management on Android devices. This indicates the exploit was not confined to a single device or manufacturer but could potentially impact a broad array of Android phones.

This report comes after Amnesty International’s findings in December, which accused Serbian authorities of deploying spyware in a larger initiative to stifle civil society. In response to the December report, the controversial vendor Cellebrite halted sales to specific clients in Serbia. However, the latest evidence indicates that surveillance activities have continued despite global disapproval.

## **Mechanism of the Exploit**

As per Amnesty International, the exploit chain enabled attackers with physical access to a device to bypass its lock screen and gain elevated privileges. The attack involved connecting the phone’s USB port to various peripherals, likely specialized devices intended to manipulate kernel memory.

Forensic examination of the compromised device showed that Serbian officials attempted to install an unidentified application after gaining access to the device. This is consistent with previous instances where spyware, like NoviSpy, was loaded onto compromised devices.

## **Exploited Vulnerabilities and Patches**

The vulnerabilities leveraged in this attack comprise:

- **CVE-2024-53104** – Resolved in the **February 2025 Android Security Bulletin**.
- **CVE-2024-53197** and **CVE-2024-50302** – Addressed in the upstream Linux kernel but not yet integrated into Android.

These vulnerabilities underscore the risk of running unpatched devices, as attackers can exploit them to gain unauthorized access.
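To confirm which devices have reached the patch level that carries the CVE-2024-53104 fix, the added example below (not part of the original article) classifies the value of the `ro.build.version.security_patch` property. It assumes the fix corresponds to the `2025-02-05` patch-level string; the function names and device serials are constructed for illustration.

```shell
# ASSUMPTION: the CVE-2024-53104 fix ships with patch-level string 2025-02-05.
# Override FIXED_LEVEL if the bulletin for your devices says otherwise.
FIXED_LEVEL="${FIXED_LEVEL:-2025-02-05}"

# Print PATCHED, VULNERABLE or UNKNOWN for one YYYY-MM-DD patch level.
# PATCHED refers to CVE-2024-53104 only: per the article, CVE-2024-53197 and
# CVE-2024-50302 were not yet integrated into Android.
classify_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;   # empty, truncated or non-date value
    esac
    # Strip the dashes so the dates compare as plain integers.
    have=$(printf '%s' "$1" | tr -d '-')
    need=$(printf '%s' "$FIXED_LEVEL" | tr -d '-')
    if [ "$have" -lt "$need" ]; then echo VULNERABLE; else echo PATCHED; fi
}

# Read "serial patch_level" lines on stdin and print one verdict per device.
# Returns 1 if any device is not PATCHED, so it can gate a compliance job.
audit_inventory() {
    rc=0
    while read -r serial level; do
        [ -n "$serial" ] || continue
        verdict=$(classify_patch_level "$level")
        printf '%s %s %s\n' "$serial" "${level:-none}" "$verdict"
        [ "$verdict" = "PATCHED" ] || rc=1
    done
    return "$rc"
}

# Live input: emit "serial patch_level" for every device attached over adb.
collect_from_adb() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null keeps adb from swallowing the rest of the serial list.
        level=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        printf '%s %s\n' "$serial" "$level"
    done
}

# Constructed sample inventory (serials are made up) so this runs offline.
sample_inventory() {
    printf '%s\n' 'DEVICE-A 2025-02-05' 'DEVICE-B 2025-01-01' 'DEVICE-C 2024-12-05' 'DEVICE-D'
}

sample_inventory | audit_inventory || true
```

With devices attached, `collect_from_adb | audit_inventory` produces the same report from live data.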

## **Reasons for Immediate Update by Android Users**

In light of the critical nature of this exploit, Android users are strongly advised to install the newest security updates. The February patch resolves CVE-2024-53104, which was actively exploited in attacks. Users who postpone updating their devices remain at risk.

Furthermore, the exploit’s dependence on Linux kernel USB drivers suggests that not only Android devices but also Linux-based computers and embedded systems could be vulnerable. Although there is no proof that non-Android Linux devices have been targeted, the possibility of wider exploitation remains.

## **Final Thoughts**

The identification of this zero-day exploit highlights the necessity for prompt security updates. Android users, particularly those engaged in activism or political activities, should exercise heightened caution. Installing the latest security patches is an essential measure to protect personal data from unauthorized access.

As surveillance technologies progress, security measures must also advance. Users should remain knowledgeable about security updates and take proactive actions to defend their devices against new threats.