Google has released its January 2025 Android Security update addressing several critical security vulnerabilities, including a remote code execution (RCE) flaw in the System component and a critical stack overflow vulnerability in MediaTek's Modem chipset. These issues, if exploited, could enable attackers to execute code remotely or compromise devices without user interaction, posing significant risks to affected Android devices.
Critical flaws in Android System
The Android System component contains five critical RCE vulnerabilities (CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747, CVE-2024-49748). Exploiting these flaws requires no special privileges, and successful exploitation could allow attackers to execute malicious code on a device remotely. These vulnerabilities are present across Android versions 12 through 15, affecting a broad range of devices.
Google's bulletin underscores the severity of these vulnerabilities by highlighting the potential for exploitation in scenarios where built-in platform mitigations are bypassed or disabled. Fixes for these vulnerabilities are included in devices running the 2025-01-05 security patch level or later.
MediaTek modem vulnerability
Another alarming issue is a stack overflow vulnerability (CVE-2024-20154) in MediaTek's Modem chipset. This flaw, detailed in MediaTek's January bulletin, enables RCE if a device connects to a rogue base station controlled by an attacker.
The vulnerability affects a wide range of MediaTek chipsets, including MT6767, MT6781, and MT6877, and impacts modem software versions LR12A, LR13, and NR16.R1.MP. This issue is rated critical due to its potential to compromise devices without user interaction or additional execution privileges.
High-severity issues
In addition to the critical flaws, Google addressed high-severity vulnerabilities in the Framework, Media Framework, and System components. These include elevation of privilege (EoP) and denial of service (DoS) vulnerabilities, which could allow attackers to escalate privileges locally or disrupt device functionality.
Qualcomm and MediaTek also disclosed multiple high-severity flaws in their proprietary components, though none of Qualcomm's vulnerabilities reached critical severity.
Stay protected
Google has included fixes in security patch levels 2025-01-01 and 2025-01-05. Users are urged to update their devices to mitigate potential risks. Device manufacturers and partners have been provided with patches and will soon distribute updates to affected devices, but depending on the model, it may take a while to reach end users.
Apart from updating to the latest patch version, Android users should also keep Google Play Protect enabled at all times, refrain from connecting to unknown Wi-Fi networks, and avoid downloading apps from anywhere other than the official channel, the Google Play Store, or other reputable developers.
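To check the patch levels named above across several devices, the following added example (not from Google's bulletin or the original article) classifies each reported level against 2025-01-01 and 2025-01-05. The status labels, function names and sample inventory are assumptions made for illustration; "partial" means the device is at the 2025-01-01 level but below 2025-01-05, the level the article ties the fixes to.

```sh
#!/bin/sh
# Added example: classify Android security patch levels against the two
# January 2025 levels named in the article.
PARTIAL_LEVEL=20250101   # 2025-01-01
FULL_LEVEL=20250105      # 2025-01-05

# Print patched | partial | outdated | invalid for a YYYY-MM-DD patch level.
classify_patch_level() {
    # Some adb builds return CRLF line endings; drop the carriage return.
    cpl_level=$(printf '%s' "$1" | tr -d '\r')
    # Shape check only: rejects empty, "unknown" or differently formatted values.
    case "$cpl_level" in
        [0-9][0-9][0-9][0-9]-[01][0-9]-[0-3][0-9]) ;;
        *) echo invalid; return 0 ;;
    esac
    # Zero-padded ISO dates compare correctly as integers once hyphens are removed.
    cpl_num=$(printf '%s' "$cpl_level" | tr -d '-')
    if [ "$cpl_num" -ge "$FULL_LEVEL" ]; then
        echo patched
    elif [ "$cpl_num" -ge "$PARTIAL_LEVEL" ]; then
        echo partial
    else
        echo outdated
    fi
}

# Read the patch level from a connected device (needs adb; not called by default).
device_patch_level() {
    adb -s "$1" shell getprop ro.build.version.security_patch
}

# Read "serial patch_level" lines on stdin, print "serial status" per device.
audit_inventory() {
    while read -r ai_serial ai_level; do
        if [ -z "$ai_serial" ]; then continue; fi
        printf '%s %s\n' "$ai_serial" "$(classify_patch_level "$ai_level")"
    done
}

# Constructed sample inventory (serials and levels are made up for illustration).
audit_inventory <<'EOF'
emulator-5554 2025-01-05
SAMPLE0001 2025-01-01
SAMPLE0002 2024-12-05
SAMPLE0003 unknown
EOF
```

For a live device, pass the output of `device_patch_level <serial>` to `classify_patch_level`.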