Android Update Fixes 47 Security Bugs

February 6, 2025

Major Security Android Update

Google has rolled out security patches to address 47 vulnerabilities in the Android operating system. Among these, one flaw—CVE-2024-53104—is already being actively used in cyberattacks, according to the company.

You might be interested in: DeepSeek’s Database Leak Raises Security Concerns

The Critical USB Driver Vulnerability

This specific security issue involves a privilege escalation bug in the USB Video Class (UVC) driver, a core part of the system that handles USB video devices. If exploited, the bug could allow attackers physical access to elevate privileges, leading to potential security breaches. Google also noted that the flaw is being used in limited, targeted attacks in the real world.

Origin of the Bug and Its Risks

Linux kernel developer Greg Kroah-Hartman traced the flaw back to Linux kernel version 2.6.26, which dates back to 2008. The problem stems from an out-of-bounds write error that happens when processing certain types of video frames (UVC_VS_UNDEFINED) in a function called “uvc_parse_format()” in the file “uvc_driver.c.”

This flaw can cause:

Memory corruption
Software crashes
Arbitrary code execution, which could let attackers run their own malicious code

While it’s unclear who is exploiting this vulnerability, GrapheneOS, a privacy-focused Android distribution, has warned that this flaw might be used in forensic data extraction, potentially allowing unauthorized access to sensitive information.

Another Major Bug Fixed on the Android Update: Qualcomm WLAN Flaw

Another serious flaw, CVE-2024-45569, was also patched in this update. Found in Qualcomm’s WLAN component, this bug had a CVSS score of 9.8, making it one of the most dangerous vulnerabilities in the batch. If exploited, it could lead to memory corruption and further security risks.