The Android Security Bulletin for January 2025 highlights critical security vulnerabilities affecting millions of Android devices globally. With the 2025-01-05 security patch level, Google has addressed a range of issues spanning components such as System, Framework, Media Framework, and vendor-specific hardware from Qualcomm and MediaTek.
The System component was found to have critical vulnerabilities (CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747 and, CVE-2024-49748) enabling remote code execution (RCE) without requiring additional execution privileges. Exploiting these flaws could allow an attacker in proximity to execute arbitrary code on an affected device, posing significant risks to data confidentiality and system integrity.
Devices running Android 12 through Android 15 are particularly vulnerable. Google recommends applying updates immediately to prevent exploitation.
The Framework and Media Framework components contain high-severity vulnerabilities, including CVE-2024-49724 and CVE-2023-40132, which could allow attackers to escalate privileges locally. These exploits do not require additional execution privileges, making them easier to leverage. Devices running Android 12 and later are susceptible.
The bulletin also addresses critical vulnerabilities in MediaTek components, such as CVE-2024-20154, affecting the modem, and CVE-2024-20146, impacting WLAN functionality. Exploiting these vulnerabilities could lead to device compromise, particularly in networking or voice communication scenarios.
Qualcomm components revealed similar risks, including kernel and WLAN vulnerabilities (CVE-2024-21464, CVE-2024-45558) with high severity. These issues could result in unauthorized access and potential system crashes.
Google notified Android partners of these vulnerabilities a month prior to publication, enabling device manufacturers to incorporate fixes into their security updates. Source code patches will be made available in the Android Open Source Project (AOSP) repository.
Related Posts:
- Thousands of SonicWall Devices Remain Vulnerable to CVE-2024-40766
- Exploiting Misconfigurations in Argo Workflows for Kubernetes Cluster Takeover
