Google’s March 2025 Android Security Update Addresses Two Actively Exploited Vulnerabilities

Google has rolled out its March 2025 Android Security Bulletin, which covers a total of 44 vulnerabilities. Among these, two vulnerabilities are particularly concerning as they have been actively exploited in the wild.

The two critical vulnerabilities are as follows:

CVE-2024-43093: This is a privilege escalation issue within the Framework component. It could potentially allow unauthorized access to directories like “Android/data,” “Android/obb,” and “Android/sandbox,” including their subdirectories.

CVE-2024-50302: This flaw is found in the HID USB component of the Linux kernel. It could allow a local attacker to leak uninitialized kernel memory through specially crafted HID reports, leading to privilege escalation.

It is important to highlight that CVE-2024-43093 had already been identified by Google in its November 2024 security advisory as a vulnerability that was actively exploited in real-world attacks. The reason for issuing a second alert on this issue remains unclear.

According to The Ash Hacker News, Google has been contacted for additional information, and updates will be provided if a response is received.

On the other hand, CVE-2024-50302 is one of the three vulnerabilities used in a zero-day exploit to compromise an Android phone belonging to a Serbian youth activist in December 2024. The exploit utilized CVE-2024-53104, CVE-2024-53197, and CVE-2024-50302 to elevate privileges and likely deploy Android spyware called NoviSpy.

All three of these vulnerabilities are found in the Linux kernel and were patched late in 2024. CVE-2024-53104, in particular, was addressed by Google in an Android update released last month.

Google’s advisory notes that both CVE-2024-43093 and CVE-2024-50302 have been subjected to “limited, targeted exploitation.”

To ensure Android partners can address some of these vulnerabilities quickly, Google has issued two security patch levels: 2025-03-01 and 2025-03-05. The split gives partners the flexibility to ship fixes for the vulnerabilities common to all Android devices first, with the later level covering the remaining issues.
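Because patch levels are cumulative, a defender checking a fleet only needs to compare each device's reported `ro.build.version.security_patch` against the two levels above. The following script is an added example, not part of the bulletin or of any Google tooling; the inventory lines and device names are constructed, and it assumes the value was collected with `adb shell getprop ro.build.version.security_patch`.

```shell
#!/bin/sh
# Added example: classify a device's Android security patch level (YYYY-MM-DD)
# against the March 2025 bulletin. A device at 2025-03-05 or later also carries
# every fix published under 2025-03-01.

PARTIAL_LEVEL="2025-03-01"
FULL_LEVEL="2025-03-05"

# Return 0 if $1 is a well-formed YYYY-MM-DD patch level, 1 otherwise.
valid_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if the device level ($2) is at or beyond the required level ($1),
# 2 if either value is malformed. Dates are reduced to YYYYMMDD integers so
# the comparison works in any POSIX shell.
patch_level_satisfies() {
    valid_patch_level "$1" && valid_patch_level "$2" || return 2
    req=$(printf '%s' "$1" | tr -d '-')
    dev=$(printf '%s' "$2" | tr -d '-')
    [ "$dev" -ge "$req" ]
}

# Print one word for a device level: full, partial, unpatched or invalid.
classify_patch_level() {
    if ! valid_patch_level "$1"; then
        echo invalid
    elif patch_level_satisfies "$FULL_LEVEL" "$1"; then
        echo full
    elif patch_level_satisfies "$PARTIAL_LEVEL" "$1"; then
        echo partial
    else
        echo unpatched
    fi
}

# Constructed inventory: "<device id> <security patch level>" per line.
INVENTORY='pixel-lab-01 2025-03-05
pixel-lab-02 2025-03-01
tablet-kiosk 2024-11-05
bad-record n/a'

# List every device that does not yet carry the full March 2025 level.
report_unpatched() {
    printf '%s\n' "$INVENTORY" | while read -r dev level; do
        status=$(classify_patch_level "$level")
        [ "$status" = full ] || echo "$dev $level $status"
    done
}

report_unpatched
```

Devices reported as `partial` carry the 2025-03-01 fixes but not those published under 2025-03-05; `invalid` flags records that should be re-collected rather than assumed patched.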
