Google has rolled out critical security updates for Android, addressing 47 vulnerabilities, including one that is currently being actively exploited in real-world attacks.
🚨 CVE-2024-53104: A High-Severity Privilege Escalation Vulnerability
The most concerning flaw, CVE-2024-53104 (CVSS score: 7.8), is a privilege escalation vulnerability in the USB Video Class (UVC) driver of the Linux kernel. If exploited, it could allow attackers to gain elevated privileges on a device, posing serious security risks.
According to Google, this flaw is already under "limited, targeted exploitation," though details about the attackers remain unknown.
🔍 Technical Breakdown
Security expert Greg Kroah-Hartman revealed that the vulnerability was introduced back in Linux kernel version 2.6.26 (mid-2008). It arises from an out-of-bounds write issue in the function "uvc_parse_format()" within "uvc_driver.c".
The flaw could be leveraged to trigger:
✅ Memory corruption
✅ Program crashes
✅ Arbitrary code execution
Given that this vulnerability enables "physical" privilege escalation, cybersecurity experts at GrapheneOS suggest that it could be misused by forensic data extraction tools.
🔥 Critical Qualcomm WLAN Vulnerability (CVE-2024-45569)
Another major flaw patched in this update is CVE-2024-45569 (CVSS score: 9.8), a critical memory corruption bug affecting Qualcomm’s WLAN component. If exploited, this vulnerability could compromise device security, making it a high-priority fix for Android users.
🛠️ Android Security Patch Levels: What You Need to Know
Google has released two security patch levels:
📌 2025-02-01 – Addresses core vulnerabilities affecting all Android devices.
📌 2025-02-05 – Includes additional patches for vendor-specific issues.
Android partners are strongly encouraged to apply all fixes to ensure maximum security.
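To audit a device fleet against the two patch levels above, the following is an added example (not code from Google or from this article). It assumes patch levels are ISO dates that increase monotonically, so a later level includes earlier ones; the function names, status labels and sample serials are hypothetical.

```shell
#!/bin/sh
# Added example: classify Android security patch levels against the
# February 2025 levels named in the article.
# On a real device the value comes from:
#   adb shell getprop ro.build.version.security_patch

CORE_LEVEL=20250201   # 2025-02-01: core fixes for all Android devices
FULL_LEVEL=20250205   # 2025-02-05: adds the vendor-specific fixes

# classify_patch_level YYYY-MM-DD
# Prints one of: invalid | outdated | core-only | complete
classify_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "invalid"; return 0 ;;   # missing or malformed value
    esac
    # ISO dates compare correctly as integers once the hyphens are removed.
    level=$(printf '%s' "$1" | tr -d '-')
    if [ "$level" -lt "$CORE_LEVEL" ]; then
        echo "outdated"
    elif [ "$level" -lt "$FULL_LEVEL" ]; then
        echo "core-only"
    else
        echo "complete"
    fi
}

# audit_inventory: reads "serial patch_level" lines on stdin and prints
# "serial status" for each device.
audit_inventory() {
    while read -r serial patch; do
        [ -n "$serial" ] || continue
        printf '%s %s\n' "$serial" "$(classify_patch_level "$patch")"
    done
}

# count_needing_update: number of devices whose status is not "complete".
count_needing_update() {
    audit_inventory | grep -c -v ' complete$' || true
}

# Constructed sample inventory (hypothetical serials, not real devices).
SAMPLE_INVENTORY='DEV-A 2025-01-05
DEV-B 2025-02-01
DEV-C 2025-02-05
DEV-D unknown'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

A device reported as "invalid" should be treated as needing review, since an unreadable patch level says nothing about which fixes are installed.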
🔒 Stay Protected: Update Your Device Now!
With one actively exploited flaw and a critical Qualcomm vulnerability in the mix, Android users should update their devices immediately to mitigate potential risks. Check for security updates in Settings > Security & Privacy > System Update.