FlagThis

CyberSecurity updates
2025-02-05 23:23:37 Pacfic
info@thehackernews.com (The Hacker News) @ The Hacker News
Google Patches Actively Exploited Android Kernel Zero-Day - 1d
Read more: thehackernews.com

Google has released the February 2025 Android security updates, patching a total of 48 vulnerabilities. Among these fixes is a critical zero-day kernel vulnerability, identified as CVE-2024-53104, which Google has confirmed is being actively exploited in the wild. This particular flaw is a privilege escalation issue found within the USB Video Class (UVC) driver, potentially allowing attackers to gain elevated permissions on affected devices.

The vulnerability, with a CVSS score of 7.8, stems from an out-of-bounds write condition within the "uvc_parse_format()" function of the "uvc_driver.c" program, specifically when parsing UVC_VS_UNDEFINED frames. This flaw, present since Linux kernel version 2.6.26 released in mid-2008, could lead to memory corruption, program crashes, or even arbitrary code execution. While the specific actors behind the exploitation remain unclear, the potential for "physical" privilege escalation raises concerns about misuse by forensic data extraction tools.

Original img attribution: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyS7gKD2g-ga3K8Vx4wXMpDINr9jYYajYkQLoq9EROlLzaQ-Alsg8HX7zF-HW0khnOHxu-NSSPKWA_SmClwjD8KPDuwMVr9o17BZBsrmp7QUatChZ8iP1K03GiSCgJEyMsf-U48K0toEuxpO-SkTCk_MsNRmwDtN9TM2CN3P0WkAV2CzWelYvEH4dZA2kI/s728-rw-e365/android.png
ImgSrc: blogger.googleusercontent.com
References:
  • cyberinsider.com - Google Fixes Zero-Day Flaw Exploited in Targeted Android Attacks - 1d
  • @BleepingComputer - The February 2025 Android security updates patch 48 vulnerabilities, including a zero-day kernel vulnerability tagged as exploited in the wild. - 1d
  • Security Archives - Security Affairs - Google fixed actively exploited kernel zero-day flaw - 1d
  • The Hacker News - Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 - 1d
  • CyberInsider - Google Fixes Zero-Day Flaw Exploited in Targeted Android Attacks - 1d
  • ciso2ciso.com - Google fixed actively exploited kernel zero-day flaw - 1d
  • @BleepingComputer - The February 2025 Android security updates patch 48 vulnerabilities, including a zero-day kernel vulnerability tagged as exploited in the wild. - 17h
  • @jos1264 - Social post about google actively exploited kernel zero-day flaw. - 13h
  • www.bleepingcomputer.com - The February 2025 Android security updates patch 48 vulnerabilities, including a zero-day kernel vulnerability tagged as exploited in the wild. - 10h

Classification:

This site is an experimental news aggregator using feeds I personally follow. You can provide me feedback using this form or using Bluesky.