Google fixes Android kernel zero-day exploited in attacks

Google has released the February 2025 Android security updates, addressing 48 vulnerabilities, notably a high-severity zero-day flaw in the Android kernel’s USB Video Class driver.

This vulnerability, identified as CVE-2024-53104, allows authenticated local attackers to escalate privileges by exploiting improper parsing of specific frame types within the driver. The flaw can lead to out-of-bounds writes, potentially resulting in arbitrary code execution or denial-of-service attacks.

 

Expert Analysis:
Once again, we witness a critical vulnerability lurking within the core of Android’s architecture, this time in the USB Video Class driver. The fact that such a flaw allows for privilege escalation underscores a recurring theme: the persistent oversight in scrutinizing foundational components. While Google’s prompt patching is commendable, the reliance on users to update their devices remains a weak link.

 
