Android Unleashes 2025’s First Security Update: A Fortress Against Vulnerabilities!

Android has launched its initial security update for the year, revealing multiple critical and high-severity flaws affecting a vast array of Android devices.

The advisory points out five critical remote code execution (RCE) vulnerabilities impacting what Android defines as the “system,” which includes the core components and foundational architecture of Android. These vulnerabilities could enable attackers to run code without requiring extra privileges. Devices that receive a security patch level dated January 5, 2025, or subsequent are safeguarded against these vulnerabilities.

The vulnerabilities are detailed as follows:

• CVE-2024-43096
• CVE-2024-43770
• CVE-2024-43771
• CVE-2024-49747
• CVE-2024-49748

Samsung, which utilizes Android as the operating system for its devices, released a fix for these vulnerabilities in a December update.

The vulnerabilities were identified by experts at Oppo’s Amber Security Lab. Oppo is a Chinese consumer electronics brand that operates a customized version of the Android OS on its products.

Moreover, the advisory provides insights on vulnerabilities in components from external vendors, including MediaTek and Qualcomm.

A vulnerability in MediaTek’s modem chipset (CVE-2024-20154) could permit data to be written inappropriately due to the absence of checks ensuring it remains within secure boundaries. This issue could potentially allow an individual to control the device remotely by deceiving it into connecting to a counterfeit cell tower.

A specific Qualcomm vulnerability, noted as CVE-2024-21464, arises from an issue in the component of a device that oversees data networks and connections. There is a problem when data is copied without verifying if it fits correctly into the available memory space. This may lead to errors in memory, particularly when there are no active users utilizing the device’s internet functionalities.

Users with Google-issued devices, such as the Google Pixel, or associated Android partners, are urged to apply these patches swiftly and effectively.

You can read the complete advisory here.