First Android Update of 2025 Patches Critical Code Execution Vulnerabilities

This year’s first batch of monthly security updates for Android resolves 36 vulnerabilities, including critical remote code execution flaws.

Google on Monday announced the first set of Android security updates for 2025, with patches for 36 vulnerabilities, including five critical-severity bugs in the System component.

As usual, the update is divided into two parts, with the first arriving on devices as the 2025-01-01 security patch level and containing fixes for 24 vulnerabilities in Android’s Framework, Media Framework, and System components.

Tracked as CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747, and CVE-2024-49748, the five critical issues are described as remote code execution bugs and affect Android versions 12, 12L, 13, 14, and 15.

“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed,” Google notes in its advisory.

The update also resolves nine high-severity flaws in the System component, nine in Framework, and one in Media Framework. These vulnerabilities could lead to elevation of privilege, information disclosure, remote code execution, and denial-of-service.

The second part of the update, which arrives on devices as the 2025-01-05 security patch level, contains patches for 12 security defects in the Imagination Technologies, MediaTek, and Qualcomm components.

Devices running a security patch level of 2025-01-05 contain fixes for all 36 flaws in Android’s January 2025 security bulletin, as well as for those in previous bulletins.
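The split between the two patch levels described above can be turned into a fleet check. The following is an added example, not code from Google or SecurityWeek: it classifies devices by the patch level string they report (on a device, the `ro.build.version.security_patch` property). The inventory format, the sample rows and the status names are assumptions made for illustration, and it assumes a later patch level includes everything in an earlier one.

```python
import re
from datetime import date

# Patch levels and affected versions as reported in the article.
PARTIAL_SPL = date(2025, 1, 1)  # Framework, Media Framework, System (24 fixes)
FULL_SPL = date(2025, 1, 5)     # adds the 12 vendor-component fixes (all 36)
CRITICAL_AFFECTED = {"12", "12L", "13", "14", "15"}

# Constructed sample inventory: device id, Android version, reported patch level.
SAMPLE_INVENTORY = """\
pixel-8,15,2025-01-05
tablet-03,13,2025-01-01
kiosk-11,12L,2024-12-05
legacy-02,11,2024-06-01
scanner-07,14,unknown
"""

def parse_spl(value):
    """Return a date for a strict YYYY-MM-DD patch level, else None."""
    value = value.strip()
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", value):
        return None
    try:
        return date.fromisoformat(value)
    except ValueError:  # well-formed but impossible date, e.g. month 13
        return None

def classify(android_version, spl_string):
    """Map one device to its coverage of the January 2025 bulletin."""
    spl = parse_spl(spl_string)
    if spl is None:
        return "unknown"            # never treat an unparsable level as patched
    if spl >= FULL_SPL:
        return "full"               # all 36 fixes
    if spl >= PARTIAL_SPL:
        return "partial"            # 24 platform fixes, vendor fixes missing
    if android_version.strip() in CRITICAL_AFFECTED:
        return "exposed-critical"   # lacks the five critical System RCE fixes
    return "behind"                 # below 2025-01-01, version not in the listed set

def audit(inventory_text):
    """Classify every 'id,version,spl' line; malformed lines become 'unknown'."""
    results = {}
    for line in inventory_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if not fields[0]:
            continue
        results[fields[0]] = classify(fields[1], fields[2]) if len(fields) == 3 else "unknown"
    return results

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Devices reported as `unknown` need manual follow-up rather than being counted as patched.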

On Tuesday, Google also announced the release of fixes for a critical-severity remote code execution flaw in the baseband subcomponent of Pixel devices, tracked as CVE-2024-53842.

All supported Google devices, the internet giant says, will receive an update to the 2025-01-05 patch level, which includes patches for CVE-2024-53842 and for all the vulnerabilities described in Android’s January 2025 security bulletin.

Devices running the Android Automotive OS and Wear OS platforms will also receive the 2025-01-05 patch level, although the updates will not address vulnerabilities specific to those platforms.

Google makes no mention of any of these vulnerabilities being exploited in the wild, but users are advised to update their devices as soon as possible.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
