The February 2025 Android security updates have been rolled out, addressing a total of 48 vulnerabilities, including a high-severity zero-day vulnerability actively exploited in the wild. This zero-day flaw, CVE-2024-53104, is a privilege escalation issue in the Android Kernel’s USB Video Class (UVC) driver, which has been used in low-complexity attacks to gain escalated privileges.
The vulnerability occurs because the UVC driver incorrectly parses certain video frames of type UVC_VS_UNDEFINED. Within the uvc_parse_format function, this miscalculation leads to an improper frame buffer size, which can trigger out-of-bounds writes. Attackers can exploit this flaw to execute arbitrary code, potentially gaining full control over the system or launching a denial-of-service (DoS) attack. This security gap highlights the importance of addressing kernel-level vulnerabilities that could otherwise compromise Android devices.
In addition to the CVE-2024-53104 zero-day, the February update also patches another critical flaw in Qualcomm’s WLAN component, CVE-2024-45569. This vulnerability involves firmware memory corruption caused by improper validation of array indices during WLAN host communication, specifically when parsing invalid ML IE (Management Layer Information Element) frames. The flaw can be exploited by remote attackers to execute arbitrary code, read or modify memory, or trigger crashes—all without requiring user interaction or elevated privileges. This vulnerability poses a significant risk, particularly in remote attacks, and highlights the need for timely firmware updates in Android devices.
>>>XS2105 Replacement Battery for Xiaomi Mijia B302CN H200
Patch Levels and Vendor Deployment
Google has released two security patch levels for February 2025: 2025-02-01 and 2025-02-05. The 2025-02-05 patch set includes all fixes from the previous batch, along with updates for closed-source third-party and kernel components. However, these may not be applicable to all Android devices.
- Google Pixel devices will receive the update immediately, ensuring rapid protection for users.
- For other manufacturers, the patch rollouts may take longer as they need to test and optimize the updates for various hardware configurations.
It’s important to note that vendors might prioritize the 2025-02-01 patch set to speed up the update process. However, this doesn’t necessarily indicate an increased risk of exploitation, as the updates will be deployed progressively.
Ongoing Android Threats and Prior Vulnerabilities
In addition to addressing the February 2025 vulnerabilities, Google has been actively working on patching other critical flaws in the Android ecosystem. In November 2024, two actively exploited zero-days—CVE-2024-43047 and CVE-2024-43093—were fixed. These vulnerabilities were reportedly used in targeted attacks, with CVE-2024-43047 being exploited by the Serbian government in the NoviSpy spyware campaign. This attack primarily targeted journalists, activists, and protestors, further highlighting the growing threat of state-sponsored cyber attacks.
>>>PH18650-4 Replacement Battery for Dahua PH18650-4
The patches address a range of security risks, from kernel-level privilege escalation to remote code execution flaws in Qualcomm’s WLAN component. Given the increasing sophistication of mobile threats, it’s essential for Android users and device manufacturers to promptly apply these updates to safeguard their devices from potential exploitation.