50/68 Wednesday, February 5, 2025
Google has released the February 2025 Android security update, addressing 48 vulnerabilities, including the actively exploited Zero-Day CVE-2024-53104. This vulnerability is a privilege escalation flaw in the Kernel’s USB Video Class (UVC) driver, allowing attackers to gain elevated system privileges. The issue stems from improper handling of UVC_VS_UNDEFINED frames, potentially leading to arbitrary code execution or a denial-of-service (DoS) attack.
The update includes two security patch levels: 2025-02-01 and 2025-02-05. It also fixes a critical vulnerability CVE-2024-45569 in Qualcomm’s WLAN component, which is a memory corruption issue triggered during ML IE frame processing, with a CVSS score of 9.8 Additionally, in November 2024, Google patched two other actively exploited Zero-Day vulnerabilities, CVE-2024-43047 and CVE-2024-43093.
Although Google has not disclosed specific details about these attacks, the company strongly recommends that Android users update their devices as soon as possible to mitigate potential risks from these vulnerabilities.
Source https://securityaffairs.com/173812/hacking/google-android-kernel-zero-day-flaw.html
