Close Menu
Tech News

Google Patches Critical Android Kernel Zero-Day Exploit Actively Used in Attacks

Todays BridgeBy Updated:No Comments2 Mins Read
Google Patches Critical Android

Google Patches Critical Android Kernel Zero-Day Exploit Actively Used in Attacks : Google has rolled out its February 2025 security updates, addressing 48 vulnerabilities, including a critical zero-day exploit that was actively leveraged in attacks.

Zero-Day Vulnerability: CVE-2024-53104

A high-severity flaw, tracked as CVE-2024-53104, was discovered in the Android Kernel’s USB Video Class (UVC) driver. This vulnerability, if exploited, allows authenticated attackers to escalate privileges in low-complexity attacks.

Technical Breakdown of CVE-2024-53104

The zero-day flaw originates in the uvc_parse_format function due to improper parsing of UVC_VS_UNDEFINED type frames. Miscalculations in the frame buffer size could result in out-of-bounds writes, potentially enabling:

  • Arbitrary code execution on vulnerable Android devices.
  • Denial-of-service (DoS) conditions, leading to device crashes.

The security advisory explains:

“In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format. This can lead to out-of-bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.”

Google has confirmed that CVE-2024-36971 might also be undergoing limited, targeted exploitation, reinforcing the urgency of these updates.

Other Major Security Fixes: Qualcomm WLAN Vulnerability

Alongside the zero-day patch, Google addressed a critical flaw (CVE-2024-45569) in Qualcomm’s WLAN component, which carries a CVSS score of 9.8. This vulnerability stems from memory corruption due to improper validation of array indices when parsing ML IE frame content. If left unpatched, attackers could exploit this flaw to compromise affected devices.

Security Patch Deployment: Install Updates Now

Google’s February 2025 security updates come in two patch levels:

  • 2025-02-01
  • 2025-02-05

While Google Pixel devices receive security updates immediately, other Android manufacturers may experience delays due to additional testing and compatibility adjustments for various hardware configurations.

How to Install the Latest Android Security Updates

To protect your device from these vulnerabilities, Android users should install the latest security patches by following these steps:

  1. Go to Settings > Security & privacy > Security update
  2. Check for the latest Android security updates
  3. Download and install the latest security patch available
  4. Restart your device after installation

Final Thoughts

The discovery of CVE-2024-53104 and CVE-2024-45569 highlights the ongoing risks faced by Android users. With threat actors actively exploiting these vulnerabilities, timely patching is crucial to securing devices against cyberattacks.

Stay vigilant and update your device immediately to mitigate security threats and enhance your digital safety.

Share.

A dedicated Fantasy Cricket Analyst with a deep passion for the game, focused on delivering insightful stats and well-researched predictions to empower others in making smart Fantasy Cricket decisions.

Related Posts

Add A Comment
Leave A Reply