The February 2025 Android safety updates patch 48 vulnerabilities, together with a zero-day kernel vulnerability that has been exploited within the wild.
This high-severity zero-day (tracked as CVE-2024-53104) is a privilege escalation safety flaw within the Android Kernel’s USB Video Class driver that enables authenticated native menace actors to raise privileges in low-complexity assaults.
The problem happens as a result of the driving force doesn’t precisely parse frames of the kind UVC_VS_UNDEFINED inside the uvc_parse_format operate. In consequence, the body buffer measurement is miscalculated, resulting in potential out-of-bounds writes that may be exploited in arbitrary code execution or denial-of-service assaults.
Along with this actively exploited zero-day bug, the February 2025 Android safety updates additionally repair a vital safety flaw in Qualcomm’s WLAN element.
Qualcomm describes this vital flaw (CVE-2024-45569) as a firmware reminiscence corruption challenge brought on by an Improper Validation of Array Index weak spot in WLAN host communication when parsing the ML IE as a result of invalid body content material.
CVE-2024-45569 may be exploited by distant attackers to probably execute arbitrary code or instructions, learn or modify reminiscence, and set off crashes in low-complexity assaults that do not require privileges or consumer interplay.
Android safety patch ranges
Google launched two units of patches for February 2025, the 2025-02-01 and 2025-02-05 safety patch ranges. The latter contains all fixes from the primary batch and extra patches for closed-source third-party and kernel components, which can not apply to all Android units.
Distributors might prioritize the sooner patch set for faster updates, which doesn’t essentially point out elevated exploitation threat.
Google Pixel units will obtain updates instantly, whereas different producers typically take longer to check and fine-tune the safety patches for varied {hardware} configurations.
In November, Google fastened two extra actively exploited Android zero-days (CVE-2024-43047 and CVE-2024-43093), additionally tagged as exploited in restricted, focused assaults.
CVE-2024-43047 was first marked as actively exploited by Google Venture Zero in October 2024. The Serbian authorities additionally exploited it in NoviSpy adware assaults to compromise the Android units of activists, journalists, and protestors.