Google has rolled out the February 2025 security patch for Android, addressing 47 vulnerabilities spanning high to critical severity levels.
This update includes fixes for system components affecting chipsets from major manufacturers, such as Qualcomm, MediaTek, Arm, Imagination Technologies, and Unisoc.
One notable vulnerability, identified as CVE-2024-53104, involves the USB Video Class (UVC) driver subcomponent and is reportedly under active exploitation.
With a CVSS score of 7.8, this flaw poses a significant security risk by potentially enabling privilege escalation without requiring execution rights.
The issue stems from how the uvc_parse_format function handles undefined video frames. Instead of skipping these frames, the system attempts to parse them, causing the uvc_parse_streaming function to miscalculate buffer sizes.
This process can result in out-of-bounds writes, creating a security threat in the Linux kernel.
Google has already patched the Linux kernel to address the vulnerability and made source code updates available via the Android Open Source Project.
Qualcomm WLAN Vulnerability and Other Key Fixes
Another critical flaw addressed in this update is CVE-2024-45569, affecting the WLAN subcomponent in Qualcomm devices.
With a CVSS score of 9.8, this vulnerability posed a risk of remote code execution. Additional fixes cover framework, kernel, platform, and general system components, bolstering device security.
Security Patch Rollout for Pixel Devices
The update is being distributed in phases based on carriers and regions, with compatibility for a wide range of Pixel models, including:
- Pixel 6, 6 Pro, 6a
- Pixel 7 and 8 series
- Pixel 9 series
- Pixel Fold and Pixel Tablet
Variants for carriers such as Telstra, T-Mobile, and EMEA regions will receive tailored updates based on specific configurations.
Improvements to Android Auto and Bluetooth Stability
Beyond security enhancements, the update addresses persistent issues reported by users. Improvements in Bluetooth stability and audio output aim to resolve complaints about disconnections and audio quality when integrating devices with Android Auto.
Pixel 6 Pro Support Extended
In a notable move, Google has extended system and security updates for Pixel 6 Pro until October 2026. This extension provides an additional two years of support beyond the initial deadline of October 2024, offering continued protection for Pixel 6 Pro owners.
Fix for Linux Kernel Vulnerability
One of the most significant vulnerabilities addressed, CVE-2024-53104, has its origins in a driver introduced in 2008. The flaw, which could enable privilege escalation, has now been patched to secure affected Linux kernel subsystems.
How to Install the Update
Users are encouraged to update their devices by navigating to Settings > System > System Update and following the on-screen instructions.
Pixel 9 series owners, in particular, are advised to apply the patch to address Bluetooth connectivity issues with specific accessories.
By addressing these vulnerabilities, Google reinforces its ongoing commitment to enhancing Android security and protecting users from emerging threats. Users are reminded to install security updates promptly to maintain device security.
