Android Security Bulletin: February 2025


Android Security Bulletin: Critical Vulnerabilities in February 2025

The National Cybersecurity Institute (INCIBE) has issued an alert on the February 2025 Android Security Bulletin. In this update, several vulnerabilities of high and critical severity affecting various versions of the Android operating system have been identified.

Affected Devices
  1. Android Open Source Project (AOSP): versions 12, 12L, 13, 14 and 15 (framework, platform and system).
  2. Google Play.
  3. Components from hardware manufacturers, such as systems from MediaTek, Qualcomm and Imagination Technologies.
  4. Kernel subcomponents: UVC and mremap.

Risks Detected

Among the main risks associated with these vulnerabilities are:

  • Remote Code Execution (RCE): Allows attackers to take control of the device without user interaction.
  • Privilege Escalation: An attacker could gain administrative access to the system.
  • Memory Corruption: Can cause system crashes and open the door to other attacks.
  • System Crash: Risk of the device ceasing to function properly.
  • Gaining Unauthorized Access to Sensitive Information: Exposure of personal and private data.

Recommendations for Users

To protect against these risks, INCIBE recommends:

  1. Update the operating system: Check the device settings for available security patches and install them immediately.
  2. Check Google Play updates: Ensure that applications and system services are up to date.
  3. Avoid downloads from unofficial sources: Install apps only from the Play Store or verified sources.

Keeping the device up to date is critical to prevent attackers from exploiting these vulnerabilities.

For more details, you can consult the full report on the INCIBE website.
