True to form, Google has just published the Android security bulletin for February 2025. As the Mountain View giant explains in the report, 48 vulnerabilities have been identified in the operating system. Patches have been made available to manufacturers.
Among the vulnerabilities discovered and corrected by Google is a flaw located in the Android Linux kernel. This is the central part of the operating system that manages communication between hardware and software.
A flaw in the Android kernel
In detail, it concerns the USB Video Class (UVC) driver, dedicated to managing video devices connected to the USB port. The problem lies in the management of video frames, i.e. the images sent by a USB camera. One of the kernel functions is supposed to process frames transmitted by the device.
A special type of frame, one declared with an unknown or undefined video format, crashes the driver. The driver tries to read and process these frames even if they are poorly formatted. Typically, frames of this type are simply ignored by the system.
The bug results in an out-of-bounds write problem in memory, a computer error that occurs when a program writes data outside of its assigned memory area. In this scenario, the smartphone can sometimes start crashing unexpectedly.
By exploiting this flaw, an attacker can gain administrative privileges on the targeted system. From then on, the attacker is free to execute arbitrary code on the targeted smartphone. This opens the door to all kinds of abuse, such as installing malware that will result in data theft.
As Google indicates, the vulnerability has been actively exploited by hackers "in a targeted and limited manner". Hackers have used it to attack specific targets. This is not a large-scale attack. However, we recommend that you install the patches as soon as they are available on your Android device.
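The class of bug described above for the UVC driver, shown as a simplified model of defensive parsing. This is an added example, not the kernel's uvcvideo code: the record layout, type codes and function names are assumptions, as is the two-pass design (count the frames to size the buffer, then fill it). Both passes apply the same type filter, and every write is checked against the number of slots available.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed type codes and record layout for this model (assumptions). */
enum { FT_UNDEFINED = 0x00, FT_UNCOMPRESSED = 0x05, FT_MJPEG = 0x07 };
struct frame { uint8_t type; uint16_t width, height; };
#define REC_MIN 6 /* record: [len][type][w_lo][w_hi][h_lo][h_hi] */

/* Constructed sample: two valid frames with an undefined-type record between. */
static const uint8_t SAMPLE[] = {
    6, FT_UNCOMPRESSED, 0x80, 0x02, 0xE0, 0x01, /* 640x480 */
    6, FT_UNDEFINED,    0xFF, 0xFF, 0xFF, 0xFF, /* must be ignored */
    6, FT_MJPEG,        0x00, 0x05, 0xD0, 0x02, /* 1280x720 */
};

static int known_type(uint8_t t) { return t == FT_UNCOMPRESSED || t == FT_MJPEG; }

/* Pass 1: count the frames that will need a slot; -1 on a truncated record. */
int count_frames(const uint8_t *buf, size_t n) {
    int count = 0;
    while (n > 0) {
        if (n < 2 || buf[0] < 2 || buf[0] > n) return -1;
        if (known_type(buf[1])) count++;
        n -= buf[0]; buf += buf[0];
    }
    return count;
}

/* Pass 2: fill at most `cap` slots using the same filter as pass 1.
 * Returns the number of frames stored, or -1 on malformed input. */
int parse_frames(const uint8_t *buf, size_t n, struct frame *out, int cap) {
    int used = 0;
    while (n > 0) {
        if (n < 2 || buf[0] < 2 || buf[0] > n) return -1;
        if (known_type(buf[1])) {             /* undefined types are skipped */
            if (buf[0] < REC_MIN) return -1;  /* too short for width/height */
            if (used >= cap) return -1;       /* never write past the buffer */
            out[used].type = buf[1];
            out[used].width = (uint16_t)(buf[2] | buf[3] << 8);
            out[used].height = (uint16_t)(buf[4] | buf[5] << 8);
            used++;
        }
        n -= buf[0]; buf += buf[0];
    }
    return used;
}
```

If the second pass accepted a record type that the first pass did not count, it would need more slots than were allocated; the shared filter and the `used >= cap` check each prevent that on their own.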
A flaw in a Qualcomm module
At the same time, Google is also correcting a critical vulnerability in Qualcomm's WLAN component (Wireless Local Area Network). As Qualcomm explains, it is a memory corruption problem that occurs due to an error in the component's firmware. This bug is related to the way the device processes certain information sent over a Wi-Fi network.
Through this vulnerability, a hacker can execute malicious code, modify data in memory, or cause the smartphone to crash, without requiring any special rights or any interaction from the user. Simple to carry out, the attack allows the OS to be quickly compromised remotely.
Google released two security patches in February 2025. In addition to the usual patch, there are additional patches for certain third-party and kernel components. Not all Android devices are affected by these additional patches. This approach gives manufacturers "the ability to more quickly patch a subset of similar flaws across all Android devices," Google explains.
To check if the patch is already available on your smartphone, simply go to the Settings menu, then to the About device section, and then to Software update. If an update is available, simply click Run update to install it.
Source: Android.com