Google Issues Critical Security Warnings for Millions of Android Device Users

by Victor AwogbemilaThursday, January 09, 2025, 01:50 PM EDT
The January 2025 Android Security Bulletin is out, and it spells bad news for Android 12 to 15 users. The latest security update fixes 36 critical vulnerabilities, including five critical bugs in the System component. "The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed," Google stated.

The key to protecting yourself from these expolits is to update your devices to the security patch level 2025-01-05 or later. According to the bulletin, the update is in two parts: the 2025-01-01 security patch level and 2025-01-05 security patch level. The earlier New Year's security patch contains patches for 24 vulnerabilities in Android's Framework, Media Framework, and System components.

The aforementioned five critical issues are being tracked as CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747, and CVE-2024-49748. All Android versions between 12 and 15, inclusive, are affected. These five issues are so dangerous because they are "Remote Code Execution" (RCE) bugs, which present vulnerabilities that bad actors can use to execute malicious code on an Android device remotely.

Make sure you have the latest Android security updates to mitigate these exploits.

On Tuesday, Google fixed a critical security flaw (CVE-2024-53842) in the baseband subcomponent of Pixel phones. According to Google, all supported Pixel devices will benefit from the 2025-01-05 patch level, including patches for CVE-2024-53842 and for all the vulnerability concerns addressed in Android's January 2025 security bulletin, as noted above. The tech leader added that Android Automotive and Wear OS devices will also get the 2025-01-05 patch level.

Besides Android's own components, the 2025-01-05 security patch also contains 12 security vulnerability patches for software components (i.e. drivers) to support hardware from Imagination Technologies, MediaTek, and Qualcomm. If you've got the latest security updates already, then you're home free—at least, as far as the 36 flaws in the January 2025 Android Security Bulletin go.
