At the beginning of this week, Google released the first security patches for Android devices in 2025. In total, the updates address 36 vulnerabilities, including critical flaws in the System component. As is customary, the update was divided into two parts: the “2025-01-01 security patch” and the “2025-01-05 security patch.” The first patch resolves 24 vulnerabilities, while the second addresses 12.
Five vulnerabilities have been classified as critical: CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747, and CVE-2024-49748. These flaws could lead to remote code execution and affect Android versions 12, 12L, 13, 14, and 15. “The most severe of these issues is a critical security vulnerability in the System component that could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed,” Google reports.
Additionally, nine vulnerabilities affecting the System component were rated as high risk. A similar number were found in the Framework component, while the Media Framework component was affected by one bug. These vulnerabilities could potentially allow attackers to escalate privileges, disclose sensitive information, and, once again, execute code remotely.
As noted, the “2025-01-05 security patch” resolves 12 vulnerabilities in components from Imagination Technologies, MediaTek, and Qualcomm. Pixel smartphones have also received their dedicated updates, which include a fix for the CVE-2024-53842 vulnerability that could lead to remote code execution.
