Google has released the February 2025 Android security update, addressing a total of 48 vulnerabilities, including an actively exploited zero-day flaw tracked as CVE-2024-53104. The update is available for Android 12 through Android 15 devices and contains fixes for multiple security issues across the Framework, System, Kernel, and vendor components.
The actively exploited vulnerability, tracked under CVE-2024-53104, is a high-severity elevation-of-privilege (EoP) flaw in the Linux kernel's UVC (USB Video Class) driver. The issue arises from incorrect handling of undefined frame types in uvc_parse_format, leading to out-of-bounds writes when parsing streaming data. This could allow an attacker with local access to escalate privileges, potentially taking control of a vulnerable device.
The flaw was first reported and analyzed under Google's Android security program, with additional CVSS scoring provided by CISA's ADP (Automated Detection and Prevention), which rated it 7.8 (High severity). Google confirmed that CVE-2024-53104 has been exploited in limited, targeted attacks, but no further details have been provided regarding the scope of these incidents.
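A simplified model of the bug class behind CVE-2024-53104, added here as an illustration and not taken from the kernel source or from the original article: one pass sizes the frame array without counting undefined-type descriptors, while the fill pass accepts them unless it applies the same filter. All names, struct layouts and the sample descriptor stream are constructed for this example. The capacity check stands in for the out-of-bounds write, so the model is safe to run.

```c
#include <stddef.h>
#include <stdint.h>

/* Descriptor subtypes used by this model (not taken from kernel headers). */
enum { VS_UNDEFINED = 0, VS_FORMAT = 4, VS_FRAME = 5 };
struct desc  { uint8_t subtype; uint16_t width, height; };
struct frame { uint16_t width, height; };

/* Pass 1: size the frame array; undefined-type descriptors are not counted. */
size_t count_frames(const struct desc *d, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (d[i].subtype == VS_FRAME)
            count++;
    return count;
}

/* Pass 2: fill the array. With skip_undefined == 0 it accepts undefined-type
 * descriptors that pass 1 never counted. The capacity check turns each write
 * that would land past the array into a counted rejection, which is returned. */
size_t fill_frames(const struct desc *d, size_t n, struct frame *out,
                   size_t cap, int skip_undefined)
{
    size_t idx = 0, rejected = 0;
    for (size_t i = 0; i < n; i++) {
        if (d[i].subtype == VS_FORMAT ||
            (skip_undefined && d[i].subtype == VS_UNDEFINED))
            continue;                       /* same filter as pass 1 */
        if (idx >= cap) { rejected++; continue; }   /* bounds check */
        out[idx++] = (struct frame){ d[i].width, d[i].height };
    }
    return rejected;
}

/* Constructed stream: one format, a frame, an undefined entry, a frame. */
static const struct desc SAMPLE[] = {
    { VS_FORMAT, 0, 0 }, { VS_FRAME, 640, 480 },
    { VS_UNDEFINED, 9999, 9999 }, { VS_FRAME, 1280, 720 },
};

/* Sizes the array with pass 1, runs pass 2, reports writes that did not fit. */
size_t rejected_writes(int skip_undefined)
{
    struct frame frames[4];
    size_t cap = count_frames(SAMPLE, 4);   /* two slots for two real frames */
    return fill_frames(SAMPLE, 4, frames, cap, skip_undefined);
}
int main(void) { return rejected_writes(1) == 0 ? 0 : 1; }
```

Without the filter, the undefined entry takes a slot meant for a real frame and the last frame no longer fits; with the filter, both passes agree and nothing is rejected.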
Beyond the zero-day fix, Google has addressed multiple other high-severity security flaws across different components of the Android system:
- Framework: Several elevation-of-privilege vulnerabilities (CVE-2024-49721, CVE-2024-49743, CVE-2024-49746) could allow a local attacker to gain higher system privileges.
- System: High-severity privilege escalation flaws (CVE-2025-0091, CVE-2025-0095, CVE-2025-0096) impacting Android 12 to 15 could enable attackers to execute arbitrary code with increased privileges.
- Kernel: Apart from CVE-2024-53104, Google also patched CVE-2025-0088, another kernel-level privilege escalation flaw affecting mremap, a critical memory management function.
- Qualcomm components: A critical vulnerability (CVE-2024-45569) in Qualcomm's WLAN module could enable remote code execution, while multiple high-severity flaws affect Qualcomm's camera, display, and Wi-Fi modules.
- MediaTek and Unisoc fixes: Google patched several high-risk vulnerabilities in MediaTek's modem and bootloader components and Unisoc's Android system.
Staying safe on Android
Google proactively notified Android partners a month in advance, allowing manufacturers to integrate these fixes into their devices. The patches have been made available through the Android Open Source Project (AOSP) and are included in security patch levels 2025-02-01 and 2025-02-05.
To stay protected, users should update to the latest security patch (2025-02-05) as soon as it becomes available for their device. Moreover, it's prudent to avoid sideloading apps from unverified sources, as Google Play Protect primarily safeguards apps from the Google Play Store. Ultimately, it's important to use a device with ongoing security support, as older Android versions may not receive patches for all vulnerabilities.