{"id":313,"date":"2025-02-05T00:01:17","date_gmt":"2025-02-04T18:31:17","guid":{"rendered":"https:\/\/www.securis360.com\/blog\/?p=313"},"modified":"2026-02-18T05:43:48","modified_gmt":"2026-02-18T05:43:48","slug":"google-patches-android-kernel-zero-day-exploited-in-active-attacks","status":"publish","type":"post","link":"https:\/\/securis360.com\/blog\/google-patches-android-kernel-zero-day-exploited-in-active-attacks\/","title":{"rendered":"Google Patches Android Kernel Zero-Day Exploited in Active Attacks"},"content":{"rendered":"\n

The February 2025 Android security update<\/strong> addresses 48 vulnerabilities<\/strong>, including a zero-day kernel flaw<\/strong> that has been actively exploited in real-world attacks.<\/p>\n\n\n\n

This high-severity vulnerability<\/strong> (CVE-2024-53104<\/strong>) is a privilege escalation bug<\/strong> found in the USB Video Class (UVC) driver<\/strong> of the Android Kernel<\/strong>. It allows authenticated local attackers<\/strong> to gain elevated privileges<\/strong> through a low-complexity exploit<\/strong>.<\/p>\n\n\n\n

The root cause of this flaw lies in the improper parsing of UVC_VS_UNDEFINED frame types<\/strong> within the uvc_parse_format function<\/strong>. Due to an incorrect frame buffer size calculation<\/strong>, attackers can trigger out-of-bounds writes<\/strong>, leading to arbitrary code execution<\/strong> or denial-of-service (DoS) attacks<\/strong>.<\/p>\n\n\n\n

Additional Security Fixes in February 2025 Update<\/strong><\/h3>\n\n\n\n

Beyond this actively exploited zero-day<\/strong>, the latest Android security patches also address a critical vulnerability<\/strong> affecting Qualcomm\u2019s WLAN component<\/strong>.<\/p>\n\n\n\n

Tracked as CVE-2024-45569<\/strong>, this flaw stems from firmware memory corruption<\/strong> caused by an improper array index validation<\/strong> when parsing ML IE frame content<\/strong>.<\/p>\n\n\n\n

Exploiting CVE-2024-45569<\/strong> allows remote attackers<\/strong> to execute arbitrary code, modify memory, or crash affected systems\u2014all without requiring user interaction or elevated privileges<\/strong>.<\/p>\n\n\n\n

Android Security Patch Levels & Device Updates<\/strong><\/h3>\n\n\n\n

Google has rolled out two patch levels<\/strong> for February 2025:<\/p>\n\n\n\n

    \n
  • 2025-02-01:<\/strong> Includes core security updates.<\/li>\n\n\n\n
  • 2025-02-05:<\/strong> Builds on the first patch set and adds fixes for closed-source kernel and third-party components<\/strong> (relevant to specific devices).<\/li>\n<\/ul>\n\n\n\n

    While some manufacturers may push out the initial patch set<\/strong> first for faster deployment<\/strong>, this does not necessarily indicate a higher exploitation risk<\/strong>.<\/p>\n\n\n\n

    Google Pixel devices<\/strong> receive security updates immediately<\/strong>, whereas other manufacturers may take longer to test and optimize patches<\/strong> for different hardware configurations.<\/p>\n\n\n\n

    Past Exploited Android Zero-Days<\/strong><\/h3>\n\n\n\n

    In November 2024<\/strong>, Google addressed two more actively exploited vulnerabilities<\/strong> (CVE-2024-43047<\/strong> and CVE-2024-43093<\/strong>), both leveraged in targeted cyberattacks<\/strong>.<\/p>\n\n\n\n

    Google\u2019s Project Zero<\/strong> flagged CVE-2024-43047<\/strong> as actively exploited in October 2024<\/strong>. Reports later revealed that it was weaponized by the Serbian government<\/strong> in NoviSpy spyware<\/strong> operations, targeting activists, journalists, and protestors<\/strong> through compromised Android devices.<\/p>\n","protected":false},"excerpt":{"rendered":"

    The February 2025 Android security update addresses 48 vulnerabilities, including a zero-day kernel flaw that has been actively exploited in real-world attacks. This high-severity vulnerability (CVE-2024-53104) is a privilege escalation bug found in the USB Video Class (UVC) driver of the Android Kernel. It allows authenticated local attackers to gain elevated privileges through a low-complexity […]<\/p>\n","protected":false},"author":1,"featured_media":933,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[15,16,17,36,24],"class_list":["post-313","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-cybercrime","tag-cybersecurity","tag-data-protection","tag-information-security","tag-scam-awareness"],"_links":{"self":[{"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/posts\/313","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/comments?post=313"}],"version-history":[{"count":1,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/posts\/313\/revisions"}],"predecessor-version":[{"id":935,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/posts\/313\/revisions\/935"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/media\/933"}],"wp:attachment":[{"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/media?parent=313"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/categories?post=313"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/tags?post=313"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}