The zero-day’s ID is CVE-2024-53104; it relates to privilege escalation in the USB Video Class driver of the Android kernel and enables authenticated local attackers to escalate their privileges.
The vulnerability originates from incorrect parsing of UVC_VS_UNDEFINED type frames in the uvc_parse_format function. As a result, the frames buffer size was calculated incorrectly resulting in out-of-bounds writes, which could be used to execute arbitrary code or deliver denial of service (DoS) attacks.
In addition to the above-mentioned zero-day vulnerability, the February set of patches fixes a critical vulnerability in Qualcomm’s WLAN component. Qualcomm describes this bug (CVE-2024-45569) as follows: memory corruption while parsing the ML IE due to invalid frame content.
CVE-2024-45569 can be used by remote attackers to execute arbitrary code or commands, read or modify memory, or cause crashes. Importantly, these attacks don’t require privileges or user interaction.
In February 2025, Google released two sets of patches: 2025-02-01 and 2025-02-05. The latter one includes all the fixes from the first set, as well as additional fixes for third-party closed-source modules and kernel elements that apply not to all Android devices.
2025.02.12 — 2.8 million IP addresses used to brute-force network devices
The Shadowserver Foundation warns of a massive web login brute-forcing attacks targeting nearly 2.8 million IP addresses per day. Unknown attackers are seeking…
Full article →
2025.01.22 — Fake Homebrew Infects macOS and Linux Machines with infostealer
Attackers use Google ads to disguise themselves as the Homebrew website and distribute malware targeting Mac and Linux systems and stealing logon credentials, browser data, and cryptocurrency wallets.…
Full article →
2025.03.24 — Alexa to stop processing data locally. All voice requests will be sent to Amazon Cloud
Amazon announced that the privacy option allowing users of Echo speakers to avoid sending their voice recordings to the company's cloud will no longer be supported. Effective March…
Full article →
2025.02.20 — Newly-discovered vulnerabilities in OpenSSH open the door to MiTM and DoS attacks
OpenSSH fixed two vulnerabilities that could result in MiTM and denial of service (DoS) attacks. Interestingly, one of these bugs appeared in the code more than 10…
Full article →
2025.04.12 — Hackers compromised a bureau within the U.S. Department of the Treasury and spent months in hacked systems
The Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury, reported a major cybersecurity incident. Unknown attackers had…
Full article →
2025.01.25 — 18,000 script kiddies have been infected with backdoor via XWorm RAT builder
According to CloudSEK analysts, malefactors attack novice hackers using a fake malware builder. Script kiddies' systems become infected with a backdoor that steals data and subsequently…
Full article →
2025.02.17 — Dutch police seize 127 servers belonging to Zservers hosting provider
Following the introduction of international sanctions against Zservers, Russian 'bulletproof' hosting services provider, the Dutch National Police (Politie) shut down and seized 127 servers belonging to Zservers/XHost.…
Full article →
2025.02.28 — Qualcomm extends support for Android devices to 8 years
Qualcomm Technologies announced its collaboration with Google with the purpose to provide extended support for OEM devices running on company's flagship chipsets. This partnership will…
Full article →
2025.04.29 — FBI Offers 10 million USD for information on Salt Typhoon members
The FBI offers up to 10 million USD for information about members of the Chinese hacker group Salt Typhoon and last year's attack that had…
Full article →
2025.02.18 — Chrome Enhanced Protection mode is now powered by AI
The Enhanced Protection mode in Google Chrome has been updated. Now it uses AI to protect users from dangerous sites, downloads, and extensions in real time.…
Full article →