
March 2025 Android Security Bulletin Fixes 44 Flaws

Google has rolled out its monthly Android Security Bulletin for March 2025, fixing a total of 44 vulnerabilities, including two high-severity flaws that have been actively exploited in the wild.


Critical Vulnerabilities Under Active Exploitation

Among the patched vulnerabilities, two have been flagged as high-severity privilege escalation flaws that pose significant security risks to Android users:

  • CVE-2024-43093 – A privilege escalation vulnerability in the Framework component that could allow unauthorized access to sensitive directories, including Android/data, Android/obb, and Android/sandbox, along with their subdirectories.
  • CVE-2024-50302 – A privilege escalation flaw in the HID USB component of the Linux kernel that could enable a local attacker to leak uninitialized kernel memory via specially crafted HID reports.




It is noteworthy that CVE-2024-43093 was previously highlighted by Google in its November 2024 security advisory as actively exploited in the wild. However, the reason for its reappearance in this month’s bulletin remains unclear.

CVE-2024-50302, on the other hand, played a key role in a zero-day exploit linked to Cellebrite, a digital forensics company. This vulnerability was part of an attack chain, alongside CVE-2024-53104 and CVE-2024-53197, and was used to compromise the Android device of a Serbian youth activist in December 2024. The attackers leveraged these flaws to escalate privileges and likely deploy a spyware strain known as NoviSpy.

All three vulnerabilities in the Linux kernel were patched by the end of 2024, with CVE-2024-53104 specifically addressed in last month’s Android security update.

March’s Android Security Bulletin Adds Two Security Patch Levels

In its advisory, Google acknowledged that CVE-2024-43093 and CVE-2024-50302 had been subjected to “limited, targeted exploitation.” To mitigate these risks, the company has issued two security patch levels, 2025-03-01 and 2025-03-05, to give Android partners the flexibility to address the vulnerabilities efficiently.

Android users are strongly advised to install the latest security updates as soon as they become available to protect their devices from potential exploits. Google has yet to provide further details regarding the extent of exploitation, but updates are expected as more information becomes available.
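To verify which devices have reached the patch levels named above, the following added example (not code from Google or from this article) classifies reported patch level strings and audits an inventory. It assumes the Android bulletin convention that the 2025-03-05 level includes everything in 2025-03-01 and that later levels include earlier fixes; the function names, status labels and sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bulletin or the article.
# The two patch levels named in the article:
LEVEL_PARTIAL="2025-03-01"
LEVEL_FULL="2025-03-05"

# Print the status of one patch level string (format YYYY-MM-DD):
#   full | partial | below | invalid   (labels are hypothetical)
classify_patch_level() {
    spl=$(printf '%s' "$1" | tr -d '\r')   # adb output may carry a CR
    case "$spl" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "invalid"; return 0 ;;
    esac
    # Dates in this format order correctly as integers once dashes are dropped.
    n=$(printf '%s' "$spl" | sed 's/-//g')
    partial=$(printf '%s' "$LEVEL_PARTIAL" | sed 's/-//g')
    full=$(printf '%s' "$LEVEL_FULL" | sed 's/-//g')
    if [ "$n" -ge "$full" ]; then echo "full"
    elif [ "$n" -ge "$partial" ]; then echo "partial"
    else echo "below"
    fi
}

# Read "serial patch_level" lines on stdin; print every device that is not
# at the full level, as "serial status reported_level".
audit_inventory() {
    while read -r serial spl; do
        [ -n "$serial" ] || continue
        status=$(classify_patch_level "$spl")
        [ "$status" = "full" ] || echo "$serial $status ${spl:-missing}"
    done
}

# Constructed sample inventory (serials and levels are made up).
SAMPLE_INVENTORY='dev-001 2025-03-05
dev-002 2025-03-01
dev-003 2024-11-05
dev-004 unknown
dev-005 2025-04-01'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory

# On a live device, the reported level comes from:
#   adb shell getprop ro.build.version.security_patch
```

A device reporting only 2025-03-01 is listed as partial because it has not yet declared the fixes associated with the 2025-03-05 level.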

Milena Dimitrova
