The February 2025 Android security updates address a total of 48 vulnerabilities, including a high-severity zero-day that has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-53104, is a privilege escalation flaw in the Android Kernel’s USB Video Class (UVC) driver. This issue allows authenticated local attackers to elevate their privileges and execute low-complexity attacks. The flaw arises from improper parsing of certain frame types in the UVC driver, leading to out-of-bounds writes that can result in arbitrary code execution or denial-of-service attacks.
Along with the zero-day, the updates also address a critical flaw in Qualcomm’s WLAN component, tracked as CVE-2024-45569. This vulnerability involves a memory corruption issue caused by improper validation of array indices in WLAN host communication. It enables remote attackers to exploit the flaw with low complexity, potentially executing arbitrary code, reading or modifying memory, or causing crashes without needing user interaction or elevated privileges. Both vulnerabilities present serious risks, especially given the ease with which they can be exploited.
Google released two sets of patches for the February 2025 security updates: one on February 1 and a second on February 5.
The second set includes additional patches for closed-source third-party and kernel elements, which may not apply to all Android devices. Manufacturers often prioritize the earlier patch set to deliver quicker updates, although this does not necessarily indicate an increased risk of exploitation. Devices running Google Pixel will receive the updates immediately, while other manufacturers may take longer to finalize and distribute the patches for various hardware configurations.
In addition to these vulnerabilities, Google had previously patched two zero-days in November 2024—CVE-2024-43047 and CVE-2024-43093. CVE-2024-43047, for instance, was exploited by the Serbian government in the NoviSpy spyware attacks, which targeted the Android devices of activists, journalists, and protestors. Google’s ongoing work to address these security issues highlights the importance of timely updates to mitigate the growing number of threats targeting Android devices globally.