Crucial Security Updates Address Critical Vulnerabilities Across Multiple Components
February 6, 2025 – Google has rolled out the February 2025 security patch for Android devices, bringing 47 security fixes, including one for a vulnerability that has been actively exploited. The patch addresses critical security flaws affecting system components, including devices powered by Arm, Imagination Technologies, MediaTek, Qualcomm, and Unisoc.
🔹 Key Highlights of the February 2025 Android Security Patch
✅ Total Vulnerabilities Fixed: 47
✅ Critical Severity Vulnerabilities: 1 (CVE-2024-45569)
✅ Actively Exploited Vulnerability Patched: 1 (CVE-2024-53104)
✅ Components Affected: Framework, Kernel, Platform, System, and Chipset Manufacturers
✅ Security Fixes Integrated into Android Open Source Project (AOSP)
Google has also released the source code patches to the AOSP repository, ensuring that manufacturers and developers can implement these fixes in their custom Android builds.
🛑 Actively Exploited Vulnerability: CVE-2024-53104
One of the patched vulnerabilities, CVE-2024-53104, was reportedly being exploited in the wild.
✔️ Component Affected: USB Video Class (UVC) Driver
✔️ Severity Level: High
✔️ CVSS Score: 7.8
✔️ Potential Impact: Escalation of Privileges Without Additional Execution Rights
📌 How It Worked:
- The flaw originates from a video subsystem vulnerability in the Linux kernel, specifically in how the UVC driver handles undefined frames.
- The uvc_parse_format function ignored undefined frames, but the uvc_parse_streaming function still attempted to allocate buffer space for them, causing an out-of-bounds write issue.
- This loophole allowed an attacker to escalate privileges, making it a potential threat to user security.
🚨 Critical Vulnerability: CVE-2024-45569 (Qualcomm WLAN Component)
✔️ Component Affected: Qualcomm WLAN Subcomponent
✔️ Severity Level: Critical
✔️ CVSS Score: 9.8
✔️ Potential Impact: Remote Code Execution (RCE) or Device Takeover
This critical vulnerability in Qualcomm-powered devices posed a serious security risk, potentially allowing attackers to execute arbitrary code remotely. Google has urged Qualcomm device users to update immediately to mitigate any risks.
📡 Other Security Fixes & Impacted Components
The February 2025 patch also addresses security issues across multiple Android components, including:
📌 Framework & Kernel: Addressing various privilege escalation vulnerabilities.
📌 MediaTek, Qualcomm, Unisoc, and Arm Chipsets: Fixes to improve device security against hardware-level attacks.
📌 Platform & System Components: Patch to prevent unauthorized access and system crashes.
📱 Who Should Update?
✔️ All Android device users are advised to install the latest security patch as soon as it becomes available.
✔️ Pixel users will receive the update first, followed by Samsung, OnePlus, and other manufacturers once they integrate the fixes into their custom UI skins.
🔔 Final Thoughts: Why This Update Matters
With one actively exploited vulnerability and a critical Qualcomm WLAN flaw, this security patch is essential for protecting Android devices. Google’s quick response ensures users stay safeguarded against emerging cyber threats.
Bhupendra Singh Chundawat is a seasoned technology journalist with over 22 years of experience in the media industry. He specializes in covering the global technology landscape, with a deep focus on manufacturing trends and the geopolitical impact on tech companies. Currently serving as the Editor at Udaipur Kiran, his insights are shaped by decades of hands-on reporting and editorial leadership in the fast-evolving world of technology.
