Google has issued its monthly Android Security Bulletin for March 2025, addressing a total of 44 vulnerabilities. Notably, two of these vulnerabilities have been reported to be under active exploitation in the wild.
The two high-severity vulnerabilities in question are:
- CVE-2024-43093 – This vulnerability is a privilege escalation flaw within the Framework component. It could potentially allow unauthorized access to the “Android/data,” “Android/obb,” and “Android/sandbox” directories and their respective sub-directories.
- CVE-2024-50302 – This is a privilege escalation flaw located in the HID USB component of the Linux kernel. It could lead to the leakage of uninitialized kernel memory to a local attacker through specially crafted HID reports.
It is worth mentioning that CVE-2024-43093 was previously identified by Google in its security advisory for November 2024 as being actively exploited in the wild. The reasons behind the tech giant’s decision to issue the alert a second time are not clear.
The Hacker News has reached out to Google for additional comments and will update the story if a response is received.
CVE-2024-50302 was one of the three vulnerabilities utilized by Cellebrite in a zero-day exploit to breach the Android phone of a Serbian youth activist in December 2024.
The exploit involved chaining CVE-2024-53104, CVE-2024-53197, and CVE-2024-50302 to gain elevated privileges, likely for the deployment of an Android spyware known as NoviSpy.
All three vulnerabilities are located in the Linux kernel and were patched late last year. CVE-2024-53104 was addressed by Google in Android last month.
Google’s advisory notes that both CVE-2024-43093 and CVE-2024-50302 have been subjected to “limited, targeted exploitation.”
To give Android partners the flexibility to address vulnerabilities common to all Android devices more quickly, Google has released two security patch levels: 2025-03-01 and 2025-03-05.
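A fleet check against these two patch levels, as an added example that is not part of the original article. It assumes each device's level was collected with `adb shell getprop ro.build.version.security_patch`, relies on the bulletin convention that the later level includes every fix in the earlier one, and uses constructed device names.

```shell
#!/bin/sh
# Added example: triage Android devices against the March 2025 patch levels.
# Per-device value (on a connected device):
#   adb shell getprop ro.build.version.security_patch
# The inventory at the bottom is constructed sample data, not real devices.

PARTIAL_LEVEL=20250301   # 2025-03-01 patch level
FULL_LEVEL=20250305      # 2025-03-05 patch level (also covers 2025-03-01)

# classify_patch_level <YYYY-MM-DD>
# Prints one of: full | partial | outdated | invalid
classify_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;   # empty, truncated or vendor-mangled value
    esac
    # Drop the hyphens so the date compares as a plain integer.
    n=$(printf '%s' "$1" | tr -d '-')
    if [ "$n" -ge "$FULL_LEVEL" ]; then
        echo full
    elif [ "$n" -ge "$PARTIAL_LEVEL" ]; then
        echo partial
    else
        echo outdated
    fi
}

# triage_inventory: reads "<device> <patch-level>" lines on stdin and
# prints "<device> <patch-level> <status>" for each one.
triage_inventory() {
    while read -r device level rest; do
        [ -n "$device" ] || continue   # skip blank lines
        printf '%s %s %s\n' "$device" "${level:-missing}" \
            "$(classify_patch_level "$level")"
    done
}

# Constructed inventory for demonstration.
triage_inventory <<'EOF'
device-a 2025-03-05
device-b 2025-03-01
device-c 2024-11-05
device-d
EOF
```

Devices reported as `partial` or `outdated` still need the 2025-03-05 level to pick up everything in this bulletin; `invalid` means the property could not be read and the device needs a manual look.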