Google has just released February’s Android security update, and this one comes with a zero-day sting in the tail. “There are indications,” Google warns, that a vulnerability within Android’s core “may be under limited, targeted exploitation.“ Put more simple, you need to update your phone as soon as the new software is released.
There are a raft of high-severity updated included within the update, and Google emphasizes that “exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform,” which is another way of saying update now. There is also the usual nod to Play Protect.
The Play Protect security platform is becoming ever more central to Android’s defense against malware and permission abuse, and has been shored up and seen its remit expanded multiple times over the last year. “Google Play Protect is enabled by default on devices with Google Mobile Services,” the company points out, “and is especially important for users who install apps from outside of Google Play.”
The most serious of the new vulnerabilities, Google warns, “could lead to local escalation of privilege with no additional execution privileges needed.” And while the implication is that this is the usual highly targeted exploitation in the wild, we have seen multiple instances of such exploits finding their way into more widely deployed spyware in fairly short order. Once any exploit is out in the open, it quickly worsens.
CVE-2024-53104 is the exploited vulnerability, which is an escalation of privileges threat to Android’s Linux kernel. Mishandling media files can trigger out-of-bounds memory issues, destabilizing the system. There will be no more detail made available until users have a chance to download and install the fix.
The updates affect all current versions of Android, albeit some of the newer enhancements to Android 14 and Android 15 are evident as several of the serious issues affect only older versions of the OS. But not all of them. This update includes high-severity fixes across the board, and so everyone needs to update.
As usual, the rollout schedule will be determined by manufacturer, model, region and carrier, and so you need to check your device or your manufacturer’s or carrier’s website for more information. This month’s update will be especially interesting for Samsung users, given the imminent release of One UI 7 / Android 15 and the Galaxy S25.
We expect seamless updating to make its way onto the S25, matching Pixels, but the latest firmware released for the new device doesn’t yet include January’s security update, so it’s not all good news.
