Google patches 47 Android flaws, Including Actively Exploited CVE-2024-53104

Google has released patches for 47 security flaws in Android, including one that is actively being exploited. CVE-2024-53104 (CVSS score: 7.8) is a vulnerability that allows privilege escalation in the USB Video Class (UVC) driver kernel component.

Successful exploitation of the flaw could lead to physical escalation of privilege, Google said, noting that it’s aware that it may be under “limited, targeted exploitation.”

• Vulnerabilities

AMD Patches CPU Vulnerability

By infosecbulletin / Wednesday , February 5 2025

AMD announced patches on Monday for a microprocessor vulnerability that risks the loss of Secure Encrypted Virtualization (SEV) protection, potentially...

Read More

• Alert
• Cyber Attack
• Vulnerabilities

Hackers To Use HTTP Client Tools To Compromise Microsoft 365 Accounts

By infosecbulletin / Wednesday , February 5 2025

Hackers are using HTTP client tools for advanced account takeover attacks on Microsoft 365. Seventy-eight percent of Microsoft 365 tenants...

Read More

• Alert
• Vulnerabilities

Google patches 47 Android flaws, Including Actively Exploited CVE-2024-53104

By infosecbulletin / Wednesday , February 5 2025

Google has released patches for 47 security flaws in Android, including one that is actively being exploited. CVE-2024-53104 (CVSS score: 7.8)...

Read More

• Alert
• Vulnerabilities

CVE-2025-21415
Microsoft Patches Critical Azure AI Face Service Vulnerability

By infosecbulletin / Tuesday , February 4 2025

Microsoft has released patches for two critical security flaws in Azure AI Face Service and Microsoft Account that could allow...

Read More

• Daily Security Update

Daily Security Update Dated:4.02.2025

By infosecbulletin / Tuesday , February 4 2025

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...

Read More

• Vulnerabilities

768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023

By infosecbulletin / Tuesday , February 4 2025

In 2024, 768 vulnerabilities with CVE identifiers were reported as exploited in the wild, a 20% increase from 639 in...

Read More

• Cyber Attack
• Vulnerabilities

.Gov Domains Weaponized in Phishing Surge

By infosecbulletin / Monday , February 3 2025

A recent report from Cofense Intelligence highlights a concerning trend: threat actors are increasingly misusing .gov top-level domains (TLDs) to...

Read More

• Event

RedSentry presents
Hacked 101 Seminar Successfully Ended at UITS

By infosecbulletin / Sunday , February 2 2025

The cybersecurity seminar "RedSentry presents: Hacked 101," organized by RedSentry with the University of Information Technology and Sciences (UITS) as...

Read More

• Uncategorized

US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”

By infosecbulletin / Sunday , February 2 2025

Researchers at the University of California, Berkeley, claims they’ve managed to reproduce the core technology behind DeepSeek’s at a total...

Read More

• Hot Topic

ChatGPT, DeepSeek, Qwen 2.5-VL Vulnerable to AI Jailbreaks

By infosecbulletin / Sunday , February 2 2025

This week, multiple research teams showcased jailbreaks for popular AI models, including OpenAI's ChatGPT, DeepSeek, and Alibaba's Qwen. After its...

Read More

The specific details about the vulnerability have not been shared, but Linux kernel developer Greg Kroah-Hartman mentioned in early December 2024 that it originates in the Linux kernel, first appearing in version 2.6.26, released in mid-2008.

Specifically, it has to do with an out-of-bounds write condition that could arise as a result of parsing frames of type UVC_VS_UNDEFINED in a function named “uvc_parse_format()” in the “uvc_driver.c” program.

This flaw could lead to memory corruption, program crashes, or unauthorized code execution.

It’s unclear who is exploiting the vulnerability, but GrapheneOS suggests it could be misused by forensic data extraction tools for physical privilege escalation.

Google’s monthly security updates also fixed a critical flaw in Qualcomm’s WLAN component (CVE-2024-45569, CVSS score: 9.8) that could cause memory corruption.

Google has released two security patch levels, 2025-02-01 and 2025-02-05, to help Android partners quickly address similar vulnerabilities across devices.

“Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level,” Google said.