
February 2025 Android Vulnerabilities (CVEs) You Need to Know About

As mobile phone usage is the norm, security for devices running mobile operating systems is critical. Normally, you cannot know what vulnerabilities your devices have without actually looking at them or installing a 3rd party agent. At least that was the case before MrBenny! 

Last month brought the disclosure of several high-impact security flaws in both the Android operating system and some popular apps (such as Telegram), starting with the famed Android Security Bulletins. Tracking these issues is crucial for technical staff and everyday users alike. Notably for February 2025, one zero-day kernel flaw was under active exploitation, and a critical wireless chipset bug posed a risk of remote code execution.


| CVE | Affected software | Severity | CVSS | Exploited? | Impact |
|---|---|---|---|---|---|
| CVE-2024-53104 | Android OS – Linux kernel (UVC driver) | High | 7.8 | Yes (targeted) | Privilege escalation via out-of-bounds write (physical access). |
| CVE-2024-45569 | Android OS – Qualcomm WLAN Firmware | Critical | 9.8 | No | Remote code execution via Wi-Fi (memory corruption). |
| CVE-2025-0088 | Android OS – Linux kernel (misc. EoP bug) | High | 7.0* | No | Privilege escalation on device (local exploit). |
| CVE-2024-54916 | Telegram Messenger (Android client) | Medium | 6.8 | No | Passcode lock bypass by local attacker (authentication flaw). |
| CVE-2024-36437 | TextNow Messaging App (Android) | Medium | 6.5 | No | Unauthorised phone calls via malicious app (intent abuse). |

*CVSS 7.0, the low end of the High severity range, is an estimate for CVE-2025-0088, since it is described only as high severity.

 

Kernel Zero-Day: USB Video Driver Privilege Escalation (CVE-2024-53104)

This was an actively exploited vulnerability in the Android kernel’s USB Video Class (UVC) driver. The vulnerability resides in how the UVC driver parses certain camera video frames: a miscalculation could write data outside the intended memory bounds, allowing an attacker to execute arbitrary code or crash the device by exploiting the overflow.

What makes CVE-2024-53104 particularly noteworthy is its longevity and its exploitation in the wild. The underlying bug was introduced into the Linux kernel back in 2008, meaning many Linux-based devices (including numerous Android versions) were potentially affected for years. It was first disclosed in late 2024, and by February 2025 Google confirmed “limited, targeted exploitation” of it. In practice, the exploit requires physical access or a malicious accessory (like a rigged USB device) to trigger the flawed video parsing – essentially a “physical” privilege escalation path. This has led experts to suspect that forensic tools were leveraging the bug to break into locked devices via USB.

Solution

Google and the Android security team responded by patching this kernel bug. The fix involved correcting the frame size calculation and skipping parsing of unsupported frame types to prevent the overflow. Users are strongly urged to install the latest security updates, as this vulnerability is already being used, even though the exploit requires physical access (limiting broad Internet-based attacks). Enterprise customers can also consider enabling USB restrictions (if available) to mitigate risk.

 

Critical Qualcomm WLAN RCE: Wi-Fi Chip Firmware Flaw (CVE-2024-45569)

Android patches also included a fix for CVE-2024-45569, a critical vulnerability (CVSS 9.8) in the firmware of Qualcomm’s WLAN (Wi-Fi) component. Qualcomm’s chipsets are used in a majority of Android smartphones. The vulnerability stems from a memory corruption error: the Wi-Fi firmware did not safely handle specific wireless packets, allowing an attacker to send a malicious Wi-Fi frame that writes data outside expected bounds. This flaw could potentially enable a remote code execution (RCE) attack on the device’s Wi-Fi subsystem. With no user interaction required and no privileges needed, an attacker could potentially read or modify wireless communications or disable the device’s connectivity via this flaw. CVE-2024-45569 was not reported as exploited in the wild at disclosure, but its critical nature means it is highly attractive to attackers with access to a Wi-Fi network, and the normal user would not notice anything unusual.

Solution

Google’s update incorporated Qualcomm’s patch for this issue, and device manufacturers pushed out firmware updates which include fixes for kernel and component vulnerabilities. Users should ensure their Android devices have the February 2025 (or later) security patch level – see your Settings > About Phone. If your device hasn’t received the updates (common for older phones), limit exposure by avoiding unknown Wi-Fi networks and keeping Wi-Fi turned off in untrusted locations.

 

Other critical kernel vulnerabilities (CVE-2025-0088 etc.)

Aside from the above two, the Android Security Bulletin for February 2025 also fixed numerous other high-severity OS vulnerabilities. CVE-2025-0088 is listed above as a kernel bug of high severity, even though it is not known to be exploited. Since this bug and other vulnerabilities could potentially be combined with other exploits, patching as fast as possible is still critical.

 

Two vulnerabilities in Telegram and TextNow on Android

Passcode Bypass in Telegram Messenger (CVE-2024-54916): A vulnerability was identified in Telegram’s Android client (version 11.7.0) that could allow a person with physical access to your phone to bypass Telegram’s local passcode lock. Telegram offers an in-app passcode feature to prevent unauthorized access to chats. However, an attacker with the phone in hand (or malware with root privileges) could trick Telegram into believing the correct passcode was entered, thereby viewing private chats and messages. The CVSS was 6.8, reflecting that the attack requires physical proximity. While this isn’t as severe as a remote attack, it’s a notable weakness for an app as touted for its security as Telegram.

Unauthorized Call Vulnerability in TextNow (CVE-2024-36437): It was also discovered that the TextNow app (another popular VoIP calling and texting app) had an exposed activity that could be invoked by other apps without permission. In TextNow version 24.17.0.2, any malicious app installed on the same device could silently initiate phone calls. The CVSS score was 6.5 (Medium), but the impact could be serious – imagine an unwanted call made from your phone without your knowledge, or an attacker using it to rack up charges or verify accounts via phone.

The solution is for the app developers to release patches and for users to promptly install updates from the Google Play Store. It’s also wise to only install apps from reputable sources and with a good security track record. Use Google Play Protect (enabled by default on certified Android devices), which can warn about or block known vulnerable or malicious apps. Additionally, general good practices help limit the impact of vulnerabilities: avoid using untrusted USB devices, be cautious on public Wi-Fi, and limit the number of apps you are using.
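The patch-level check from the Qualcomm section and the app-version checks above can be combined into one triage pass over a device inventory. This is an added example, not part of the original post: the inventory records, device ids and the non-affected app version are constructed, the patch level is compared at month granularity because the post gives only "February 2025", and apps are flagged only on the exact affected versions the post names.

```python
import re

# CVEs the page ties to the February 2025 Android security patch level.
PATCH_LEVEL_CVES = ("CVE-2024-53104", "CVE-2024-45569", "CVE-2025-0088")
# App versions the page names as affected; fixed versions are not given on the
# page, so only an exact match is flagged.
AFFECTED_APPS = {
    "telegram": ("11.7.0", "CVE-2024-54916"),
    "textnow": ("24.17.0.2", "CVE-2024-36437"),
}
PATCH_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")


def parse_patch_level(value):
    """Parse a YYYY-MM-DD patch level into (year, month); None if malformed."""
    m = PATCH_RE.match((value or "").strip())
    if not m or not 1 <= int(m.group(2)) <= 12:
        return None
    return int(m.group(1)), int(m.group(2))


def exposures(device, minimum=(2025, 2)):
    """List the page's CVEs a device record is still exposed to."""
    found = []
    level = parse_patch_level(device.get("patch_level"))
    # An unknown or unparsable patch level is treated as unpatched.
    if level is None or level < minimum:
        found.extend(PATCH_LEVEL_CVES)
    for app, (bad_version, cve) in AFFECTED_APPS.items():
        if device.get("apps", {}).get(app) == bad_version:
            found.append(cve)
    return found


# Constructed inventory; patch_level is the string a device reports as its
# security patch level (the ro.build.version.security_patch property).
INVENTORY = [
    {"id": "phone-a", "patch_level": "2025-02-05", "apps": {"telegram": "11.7.0"}},
    {"id": "phone-b", "patch_level": "2024-11-01", "apps": {"textnow": "24.17.0.2"}},
    {"id": "phone-c", "patch_level": "", "apps": {}},
    {"id": "phone-d", "patch_level": "2025-03-01", "apps": {"telegram": "99.0.0"}},
]


def report(inventory):
    """Map each device id to the CVEs it is still exposed to."""
    return {d["id"]: exposures(d) for d in inventory}
```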


 

February 2025 underscores the importance of regular updates and vulnerability awareness for Android users, who are not safe from threats. User proactiveness in updating devices remains a last line of defense, for which you need to be informed. This is no easy feat, but it's crucial for maintaining a robust security posture. That's where Mr.Benny comes in. Try it for free now!