Google has rolled out its monthly Android Security Bulletin for March 2025, fixing 44 security vulnerabilities, including two high-severity flaws that have been exploited in the wild. Devices at security patch level 2025-03-05 or later carry all of the fixes.
The two exploited flaws, both rated High severity, are:
- CVE-2024-43093 – A privilege escalation issue within the Framework component, potentially allowing unauthorized access to directories such as “Android/data,” “Android/obb,” and “Android/sandbox,” along with their subdirectories.
- CVE-2024-50302 – A privilege escalation vulnerability in the Linux kernel's Human Interface Device (HID) core. The HID report buffer was not zero-initialized, so a local attacker with a malicious USB device could leak uninitialized kernel memory via specially crafted HID reports.
Notably, CVE-2024-43093 was already flagged as actively exploited in Google's November 2024 bulletin. Why it has been listed again in this month's update is not clear.
The Hacker News has reached out to Google for clarification and will provide updates if further details emerge.
Meanwhile, CVE-2024-50302 is one of three vulnerabilities chained in a zero-day attack, attributed to Cellebrite's forensic tooling, that compromised the Android phone of a Serbian youth activist in December 2024.
The chain combined CVE-2024-53104 (USB Video Class driver), CVE-2024-53197 (ALSA USB-audio driver), and CVE-2024-50302 (HID core) to escalate privileges and likely deploy a spyware tool known as NoviSpy. All three bugs are reachable through a USB peripheral plugged into the device, which suits a scenario in which the phone is physically in the attacker's hands.
All three vulnerabilities are Linux kernel bugs that were fixed upstream late last year; Google shipped the fix for CVE-2024-53104 in its February 2025 Android update.
In its advisory, Google confirmed that both CVE-2024-43093 and CVE-2024-50302 have been exploited in “limited, targeted attacks.”