Security vulnerabilities are a common concern in the technology industry. This makes it essential to use devices, whether PCs or smartphones, that continue to receive regular security updates to address and fix these weaknesses. For example, in February, Google released a security bulletin that highlights multiple vulnerabilities in the Android operating system that have been patched.
CVE-2024-53104: A Critical Kernel Vulnerability
Among the vulnerabilities mentioned, two have drawn particular attention from the media. The first is CVE-2024-53104, a high-severity flaw affecting the Android kernel. According to the bulletin, this vulnerability is believed to be subject to limited and targeted exploitation.
While Google does not provide extensive details about this flaw, a page from the Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. clarifies that it is an "out-of-bounds write vulnerability in the uvc_parse_streaming component of the USB Video Class (UVC) driver," which could lead to a physical privilege escalation.
CVE-2024-45569: A Critical Flaw in Qualcomm's WLAN Subcomponent
The second flaw, CVE-2024-45569, is currently not being exploited, but it is still considered “critical.” This vulnerability affects the WLAN subcomponent on hardware provided by Qualcomm to various smartphone manufacturers.
How to Protect Yourself from These Vulnerabilities
As previously mentioned, the vulnerabilities listed in Google’s security bulletin have already been patched. However, these fixes currently only apply to the open-source version of Android (AOSP), which means that Google has resolved the issues in the base Android system. Smartphone manufacturers are now responsible for deploying these patches to their devices.
The Role of Smartphone Manufacturers in Patching Vulnerabilities
The challenge lies in the fact that different manufacturers respond to these updates at different speeds. If you own a Google Pixel device, you're in luck: Google has already begun rolling out the February security patches to Pixel devices running Android 15, and the updates will continue to be distributed over the coming week.
Best Practices for Ensuring Device Security
To better protect your device from security threats, ensure that you are using a smartphone that still receives timely security updates from the manufacturer, and always install updates as soon as they become available. These updates not only introduce new features but also address critical vulnerabilities. Before purchasing a smartphone, you should also research the brand's update policy and how responsive they are to deploying security patches, as some manufacturers are slower than others in this regard.
In summary, Google has fixed one vulnerability that could have been actively exploited and another critical flaw. While Google has started rolling out the necessary updates for its Pixel devices, it may take longer for other manufacturers to do the same for their Android devices.