
The February 2025 Android security update addresses 46 vulnerabilities, including a critical zero-day kernel vulnerability actively exploited in the wild. This vulnerability, tracked as CVE-2024-53104, presents a significant security risk to Android devices.
CVE-2024-53104 is a high-severity privilege escalation vulnerability affecting the Android Kernel’s USB Video Class (UVC) driver. The flaw resides in the uvc_parse_format function, where improper parsing of UVC_VS_UNDEFINED type frames leads to a frame buffer size miscalculation. This can result in out-of-bounds writes, potentially enabling attackers to execute arbitrary code or trigger denial-of-service conditions.
Google has confirmed “limited, targeted exploitation” of CVE-2024-53104, though specific details regarding observed attacks have not been disclosed. The active exploitation of this zero-day vulnerability is particularly concerning, especially in light of recent instances of Android zero-days being leveraged by commercial spyware vendors. Users are strongly advised to update their devices immediately.
Another high-severity kernel vulnerability (CVE-2025-0088) could also lead to privilege escalation.
The February 2025 security update is delivered in two parts. The 2025-02-01 patch level resolves 17 vulnerabilities in the Framework component. Of particular note within this patch is a high-security vulnerability in the Framework component, which could allow local escalation of privilege without requiring additional execution privileges.
The second part of the update, the 2025-02-05 patch level, addresses 10 vulnerabilities affecting Qualcomm components. This includes a critical vulnerability (CVE-2024-45569) in Qualcomm WLAN firmware. This flaw, classified as a firmware memory corruption issue due to improper validation of an array index within WLAN host communication, could allow remote attackers to execute arbitrary code, read or modify memory, or cause device crashes.
Critically, CVE-2024-45569 can be exploited remotely with low complexity, requiring neither special privileges nor user interaction.
The 2025-02-05 patch level is comprehensive, incorporating all fixes from both updates, including the crucial patch for the actively exploited zero-day vulnerability (CVE-2024-53104). Administrators and end-users are strongly encouraged to prioritize the deployment and installation of these updates to mitigate the risks associated with these vulnerabilities. Delaying updates exposes devices to potential compromise and data breaches. Users should consult their device’s documentation for instructions on applying system updates.
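The two patch levels above translate directly into a fleet triage check. The script below is an added example, not code from Google's bulletin or tooling; the function names, status labels, inventory format and sample inventory are constructed for illustration, and it assumes patch levels are reported as YYYY-MM-DD strings, as in the ro.build.version.security_patch system property.

```shell
#!/bin/sh
# Classify a security patch level against the February 2025 bulletin.
# Status labels (COMPLETE/PARTIAL/MISSING/UNKNOWN) are this example's own.
classify_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "UNKNOWN"; return 0 ;;   # malformed or absent value: treat as unverified
    esac
    n=$(printf '%s' "$1" | tr -d '-')    # 2025-02-05 -> 20250205 for integer compare
    if [ "$n" -ge 20250205 ]; then
        # Comprehensive level: includes the fixes for CVE-2024-53104 and CVE-2024-45569
        echo "COMPLETE"
    elif [ "$n" -ge 20250201 ]; then
        # First part of the update only; the comprehensive level is 2025-02-05
        echo "PARTIAL"
    else
        echo "MISSING"
    fi
}

# Read "device_id,patch_level" lines on stdin and list every device that
# is not at the comprehensive 2025-02-05 level or later.
triage_inventory() {
    while IFS=, read -r dev lvl; do
        [ -n "$dev" ] || continue
        status=$(classify_patch_level "$lvl")
        [ "$status" = "COMPLETE" ] || printf '%s %s %s\n' "$dev" "$lvl" "$status"
    done
}

# Constructed sample inventory (hypothetical device IDs).
SAMPLE_INVENTORY='pixel-001,2025-02-05
tab-014,2025-02-01
phone-233,2024-12-05
kiosk-007,unknown
phone-310,2025-03-01'

printf '%s\n' "$SAMPLE_INVENTORY" | triage_inventory

# For a single attached device, the level can be read with:
#   adb shell getprop ro.build.version.security_patch | tr -d '\r'
```

Devices reported as PARTIAL or MISSING should be prioritized for the update; UNKNOWN entries need their patch level confirmed before they can be counted as patched.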