In February 2025, Google released a critical security update for Android devices, addressing multiple vulnerabilities that could allow attackers to bypass passwords and gain unauthorized control over devices. The most severe of these vulnerabilities, identified as CVE-2024-53104, affects the USB Video Class (UVC) driver in the Linux kernel. This high-severity flaw enables privilege escalation, allowing malicious actors to execute arbitrary code or cause device crashes. Notably, this vulnerability has been actively exploited in targeted attacks prior to the release of the patch.
In total, the February 2025 security update addresses 47 vulnerabilities across various components of the Android operating system. These include critical remote code execution flaws in the System component, which could allow attackers to execute code without needing additional privileges. Devices running Android versions 12 through 15 are particularly vulnerable and are urged to update promptly.
Google has divided the update into two patch levels: 2025-02-01 and 2025-02-05. The former addresses vulnerabilities in the Framework, Media Framework, and System components, while the latter includes fixes for kernel and third-party component vulnerabilities from vendors such as Arm, Imagination Technologies, MediaTek, and Unisoc.
To ensure protection against these vulnerabilities, users are advised to update their devices to the latest security patch level. Pixel devices receive the update immediately, while other manufacturers like Samsung and Motorola will roll out the update subsequently. Users can check for updates by navigating to Settings > Software Update > Download and install.