The February 2025 Android security updates patch 48 vulnerabilities, together with a zero-day kernel vulnerability that has been exploited within the wild.
This high-severity zero-day (tracked as CVE-2024-53104) is a privilege escalation security flaw within the Android Kernel’s USB Video Class driver that permits authenticated native risk actors to raise privileges in low-complexity assaults.
The difficulty happens as a result of the driving force doesn’t precisely parse frames of the sort UVC_VS_UNDEFINED inside the uvc_parse_format operate. In consequence, the body buffer dimension is miscalculated, resulting in potential out-of-bounds writes that may be exploited in arbitrary code execution or denial-of-service assaults.
Along with this actively exploited zero-day bug, the February 2025 Android security updates additionally repair a crucial security flaw in Qualcomm’s WLAN part.
Qualcomm describes this crucial flaw (CVE-2024-45569) as a firmware reminiscence corruption subject brought on by an Improper Validation of Array Index weak point in WLAN host communication when parsing the ML IE on account of invalid body content material.
CVE-2024-45569 could be exploited by distant attackers to probably execute arbitrary code or instructions, learn or modify reminiscence, and set off crashes in low-complexity assaults that do not require privileges or consumer interplay.
Android security patch ranges
Google launched two units of patches for February 2025, the 2025-02-01 and 2025-02-05 security patch ranges. The latter contains all fixes from the primary batch and extra patches for closed-source third-party and kernel parts, which can not apply to all Android gadgets.
Distributors might prioritize the sooner patch set for faster updates, which doesn’t essentially point out elevated exploitation threat.
Google Pixel gadgets will obtain updates instantly, whereas different producers typically take longer to check and fine-tune the security patches for numerous {hardware} configurations.
In November, Google mounted two extra actively exploited Android zero-days (CVE-2024-43047 and CVE-2024-43093), additionally tagged as exploited in restricted, focused assaults.
CVE-2024-43047 was first marked as actively exploited by Google Mission Zero in October 2024. The Serbian authorities additionally exploited it in NoviSpy spyware and adware assaults to compromise the Android gadgets of activists, journalists, and protestors.
