Critical Security Updates and Zero-Day Fixes
The February 2025 Android security update addresses 48 vulnerabilities, including a high-severity zero-day kernel vulnerability that has been actively exploited in the wild.
This zero-day flaw, CVE-2024-53104, is a privilege escalation issue found in the Android Kernel’s USB Video Class (UVC) driver. It allows authenticated local attackers to elevate privileges through low-complexity attacks. The issue stems from improper parsing of UVC_VS_UNDEFINED frames within the uvc_parse_format function, resulting in miscalculated frame buffer sizes. This vulnerability could lead to out-of-bounds writes, potentially enabling arbitrary code execution or denial-of-service attacks.
Additional Critical Vulnerability in Qualcomm WLAN
Alongside the zero-day fix, Google’s update also patches a critical security flaw in Qualcomm’s WLAN component.
CVE-2024-45569 is a firmware memory corruption vulnerability caused by improper validation of an array index in WLAN host communication. The flaw arises when parsing ML IE frame content and can be exploited remotely to execute arbitrary code, read or modify memory, or trigger system crashes.
This low-complexity exploit does not require privileges or user interaction, making it a significant security risk.
Android Security Patch Levels
Google has released two sets of security patches:
- 2025-02-01 security patch level – Includes core fixes applicable to most devices.
- 2025-02-05 security patch level – Includes all previous fixes plus additional patches for closed-source third-party and kernel components.
Device manufacturers may prioritize the earlier patch set for quicker updates, though this does not necessarily indicate a higher risk of exploitation.
Google Pixel devices will receive updates immediately, while other manufacturers may take additional time to test and fine-tune patches for their respective hardware configurations.
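A fleet-triage check for the two patch levels above, added here as an example and not taken from Google's bulletin: it classifies reported patch-level strings (the value Android exposes as the ro.build.version.security_patch property). The device names and inventory format are constructed, and placing both CVEs in the 2025-02-05 level is an assumption drawn from the article's description of that level.

```python
from datetime import date, datetime

# Patch levels named in the article.
CORE_LEVEL = date(2025, 2, 1)
FULL_LEVEL = date(2025, 2, 5)
# Assumption: both CVEs ship in the 2025-02-05 level, since the article places
# kernel and closed-source third-party fixes there.
FULL_LEVEL_CVES = ("CVE-2024-53104", "CVE-2024-45569")


def parse_level(raw):
    """Return the patch level as a date, or None if the string is malformed."""
    try:
        return datetime.strptime(raw.strip(), "%Y-%m-%d").date()
    except ValueError:
        return None


def classify(raw):
    """Map a reported patch level to (status, article CVEs still unpatched)."""
    level = parse_level(raw)
    if level is None:
        return ("unknown", FULL_LEVEL_CVES)   # cannot prove the fix is present
    if level >= FULL_LEVEL:
        return ("full", ())
    if level >= CORE_LEVEL:
        return ("core-only", FULL_LEVEL_CVES)  # 2025-02-01 set only
    return ("outdated", FULL_LEVEL_CVES)       # predates the February update


def triage(inventory):
    """Return {device: (status, missing CVEs)} for 'device,level' lines."""
    report = {}
    for line in inventory.strip().splitlines():
        device, _, raw = line.partition(",")
        report[device.strip()] = classify(raw)
    return report


# Constructed sample inventory (hypothetical device names).
SAMPLE = """pixel-lab-01,2025-02-05
tablet-ops-07,2025-02-01
handset-qa-12,2024-11-05
kiosk-03,not-reported"""

if __name__ == "__main__":
    for device, (status, missing) in triage(SAMPLE).items():
        print(f"{device:15} {status:10} {', '.join(missing) or '-'}")
```

Devices that report an unparseable level are treated as unpatched, so a missing or tampered value cannot pass as compliant.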
Previous Zero-Day Exploits
In November 2024, Google addressed two additional actively exploited Android zero-days, CVE-2024-43047 and CVE-2024-43093, both linked to targeted attacks.
Notably, CVE-2024-43047 was identified by Google Project Zero in October 2024 and was later revealed to have been used in the NoviSpy spyware campaign by the Serbian government to compromise the Android devices of activists, journalists, and protestors.
With ongoing threats and new vulnerabilities emerging, users are strongly encouraged to update their devices as soon as patches become available to mitigate potential security risks.