Google released the February update of Android and closed the dangerous vulnerability of the OS core in it, which was supposedly exploited by attackers. Several vulnerabilities associated with the components of manufacturers – Google partners are also closed.
Image source: Denny Müller / unsplash.com
In the update of Google Android, the CVE-2024-53104 error is closed-the vulnerability in the code included in the Linux nucleus driver of video devices with USB. Little is known about this error: in the corrected form, the algorithm misses the analysis of indefinite personnel video – otherwise the core would record data that should not be there in memory. This error could be operated to provoke a failure on the device or a complete capture of this device.
Initially, the driver code is designed to work with the USB-camera signals and other video sources, which means that the operation involves the connection of malware transmitting incorrect data to the system. Vulnerability, said in Google, could be operated in order to “physical increase privileges without the need for additional privileges for execution.” That is, to obtain control over the gadget under the control of Android, it was enough to connect a prepared device in a special way. “There are signs that the CVE-2024-53104 can be subjected to limited targeted operation,” Gogle admitted.
In total, 46 vulnerabilities were corrected in the February update. One of them, behind the CVE-2024-45569 number, was a rating of 9.8 out of 10, belonged to the Local wireless Qualcomm wireless modules and allowed to launch the remote code execution or provoke a failure on the device. Another was the vulnerability of the nucleus behind the CVE-2025-0088 number-it made it possible to replace the tables of system pages, and its operating application could provide the attacker with control over a vulnerable device. Qualcomm identified 10 vulnerabilities in the components; in components MediaTek – 5; The Imagination Technologies components – 4 related to the PowerVR graphic subsystem. The first to upgrade Android will receive the owners of Google Pixel devices, and behind them are owners of supported devices of other manufacturers. Samsung, the largest partner of Google, only finished expanding January.