FlagThis

Google has released February 2025 Android security updates, patching 48 vulnerabilities, including a zero-day kernel vulnerability (CVE-2024-53104) that is actively exploited in the wild. This vulnerability is a privilege escalation in the USB Video Class (UVC) driver. The updates are available for Android 12 through Android 15 devices, addressing issues in Framework, System, Kernel, and vendor components.

A high-severity privilege escalation vulnerability, CVE-2025-0065, has been identified in TeamViewer’s Windows client and host applications. This flaw allows attackers to elevate their privileges on the system by exploiting improper neutralization of argument delimiters in the TeamViewer_service.exe component, which could lead to complete control over the affected systems. Patches have been released to address this flaw, which has a CVSS score of 7.8.

Multiple vulnerabilities have been discovered in rsync, a widely used file transfer program. Six vulnerabilities have been identified, including a critical remote code execution (RCE) vulnerability (CVE-2024-12084) that allows attackers with anonymous read access to an rsync server to execute arbitrary code on the machine. Other vulnerabilities include information leaks and symlink issues. Users are advised to upgrade to rsync version 3.4.0, released on January 14th, to patch these issues and ensure system security. This highlights the importance of timely patching and update process for critical network utilities.

Apache has released security updates to address multiple critical vulnerabilities, including a SQL Injection flaw, affecting MINA, HugeGraph-Server, and Traffic Control products. These vulnerabilities, if exploited, could allow attackers to compromise systems, highlighting the importance of immediate patching. Organizations using these Apache products should prioritize updating them to the latest versions to mitigate the risk of exploitation.

Multiple critical vulnerabilities have been discovered in Apache software products, including Apache HugeGraph-Server (CVE-2024-43441), Apache Traffic Control (CVE-2024-45387), and Apache MINA (CVE-2024-52046). CVE-2024-43441 allows authentication bypass in HugeGraph-Server, potentially leading to unauthorized access. CVE-2024-45387 in Traffic Control enables SQL injection attacks. CVE-2024-52046 in MINA allows remote code execution via deserialization flaws. Users are urged to apply security patches immediately, with MINA requiring additional configuration to restrict class deserialization.