Google patches Android zero-day vulnerability exploited by hackers

📟 News

Date: 05/02/2025

Google released the February set of patches for Android. In total, they fix 48 bugs, including a kernel zero-day vulnerability actively exploited by hackers.

The zero-day’s ID is CVE-2024-53104; it relates to privilege escalation in the USB Video Class driver of the Android kernel and enables authenticated local attackers to escalate their privileges.

The vulnerability originates from incorrect parsing of UVC_VS_UNDEFINED type frames in the uvc_parse_format function. As a result, the frames buffer size was calculated incorrectly resulting in out-of-bounds writes, which could be used to execute arbitrary code or deliver denial of service (DoS) attacks.

In addition to the above-mentioned zero-day vulnerability, the February set of patches fixes a critical vulnerability in Qualcomm’s WLAN component. Qualcomm describes this bug (CVE-2024-45569) as follows: memory corruption while parsing the ML IE due to invalid frame content.

CVE-2024-45569 can be used by remote attackers to execute arbitrary code or commands, read or modify memory, or cause crashes. Importantly, these attacks don’t require privileges or user interaction.

In February 2025, Google released two sets of patches: 2025-02-01 and 2025-02-05. The latter one includes all the fixes from the first set, as well as additional fixes for third-party closed-source modules and kernel elements that apply not to all Android devices.

Related posts:
2025.04.01 — Hackers abuse MU plugins to inject malicious payloads to WordPress

According to Sucuri, hackers store malicious code in the MU-plugins (Must-Use Plugins) directory in WordPress and execute it while remaining undetected. The technique was first discovered…

Full article →
2025.01.28 — J-magic backdoor attacked Juniper Networks devices using 'magic packets'

A massive backdoor attack targeting Juniper routers often used as VPN gateways has been uncovered. The devices were attacked by the J-magic malware that…

Full article →
2025.04.25 — Asus patches vulnerability in AMI's MegaRAC enabling attackers to brick servers

Asus released patches for the CVE-2024-54085 vulnerability that allows attackers to seize and disable servers. The security hole affects the American Megatrends International (AMI) MegaRAC Baseboard Management…

Full article →
2025.03.20 — 8,000 vulnerabilities identified in WordPress ecosystem in 2024

According to Patchstack, world's #1 WordPress vulnerability intelligence provider, 7,966 new vulnerabilities were identified in the WordPress ecosystem in 2024; most of these bugs affected plugins…

Full article →
2025.04.22 — Scammers pose as FBI IC3 specialists, offer 'assistance' to fraud victims

According to the FBI, scammers impersonating employees of the FBI Internet Fraud Complaint Center (IC3) contact fraud victims offering them 'assistance' in getting their money…

Full article →
2025.01.25 — 18,000 script kiddies have been infected with backdoor via XWorm RAT builder

According to CloudSEK analysts, malefactors attack novice hackers using a fake malware builder. Script kiddies' systems become infected with a backdoor that steals data and subsequently…

Full article →
2025.04.16 — Android devices will restart every three days to protect user data

Google introduces a new security feature for Android devices: locked and unused devices will be automatically restarted after three days of inactivity to return their memory to an…

Full article →
2025.03.10 — Nearly a million Windows computers impacted by a malvertising campaign

According to Microsoft, nearly 1 million Windows devices fell victim to a sophisticated malvertising campaign in recent months. Cybercriminals were able to steal credentials, cryptocurrency, and sensitive…

Full article →
2025.04.30 — Coinbase fixes 2FA bug that made customers panic

Cryptocurrency exchange Coinbase has fixed a bug in its Account Activity logs that caused customers to think their credentials were compromised. Earlier this month, BleepingComputer…

Full article →
2025.04.07 — Critical RCE vulnerability discovered in Apache Parquet

All versions of Apache Parquet up to and including 1.15.0 are affected by a critical remote code execution (RCE) vulnerability whose CVSS score is 10 out…

Full article →