Google has released its February 2025 Android security update, addressing 48 vulnerabilities, including an actively exploited zero-day flaw in the system’s USB Video Class driver. This patch is particularly urgent given confirmed in-the-wild exploitation of the kernel-level vulnerability.
Zero-Day in Android USB Video Class Driver: CVE-2024-53104
The most critical issue in this update is CVE-2024-53104, a zero-day vulnerability affecting the USB Video Class (UVC) driver in the Android kernel. The flaw stems from improper frame handling within the uvc_parse_format function, specifically when processing UVC_VS_UNDEFINED frames. This implementation error leads to incorrect framebuffer size calculations, resulting in out-of-bounds write operations that compromise system security. Google confirmed active exploitation before the patch was released.
Android Users Running Unpatched Kernel Versions
All Android devices running kernel versions prior to the February 2025 patch level are potentially affected. Physical access to a USB port is required to exploit CVE-2024-53104, making the attack vector local — but the privilege escalation achieved makes it especially dangerous for targeted attacks. Qualcomm-based devices face an additional risk from CVE-2024-45569 in the WLAN component, which enables remote code execution without user interaction.
Qualcomm WLAN Component Vulnerability: CVE-2024-45569
CVE-2024-45569 affects Qualcomm’s WLAN component and enables remote code execution without requiring user interaction or elevated privileges. The flaw originates from improper array index validation during ML IE processing in WLAN host communications. This vulnerability affects a wide range of devices using Qualcomm chipsets, including many flagship Android phones from Samsung, OnePlus, and Xiaomi.
Dual-Level Patch Distribution and Manufacturer Rollout
Google has implemented a dual-level patch distribution strategy. The initial patch level (2025-02-01) addresses core system vulnerabilities, while the secondary level (2025-02-05) covers vendor-specific components and kernel-level issues. According to the Android Security Bulletin for February 2025, device manufacturers are required to implement both patch levels to ensure comprehensive protection. Samsung, Google Pixel, and other OEMs began rolling out updates within days of the bulletin’s publication.
Steps to Update Your Android Device
To protect your device from CVE-2024-53104 and the other 47 patched vulnerabilities, take the following steps immediately:
- Go to Settings → System → System Update and check for the February 2025 security patch.
- Verify your security patch level shows 2025-02-05 or later (the full two-level patch).
- If your device does not yet show the update, contact your carrier or check your manufacturer’s support page for a rollout timeline.
- Until patched, avoid connecting untrusted USB devices to your phone — CVE-2024-53104 requires physical USB access.
- Ensure automatic system updates are enabled so future critical patches are applied without delay.
The February 2025 Android security update is one of the most significant in recent months due to the confirmed zero-day exploitation. Devices still running outdated Android versions that no longer receive security updates are at elevated risk and should be considered for replacement.
