Google has rolled out its monthly Android Security Bulletin for March 2025, fixing 44 security vulnerabilities, including two high-severity flaws that have been actively exploited in real-world attacks.<\/p>\n\n\n\n
The two critical vulnerabilities are:<\/p>\n\n\n\n
Notably, CVE-2024-43093 was initially highlighted in Google’s November 2024 security advisory as an actively exploited flaw. The reason behind its reappearance in this update remains unclear.<\/p>\n\n\n\n
The Hacker News has reached out to Google for clarification and will provide updates if further details emerge.<\/p>\n\n\n\n
Meanwhile, CVE-2024-50302 is among three vulnerabilities exploited in a zero-day attack orchestrated by Cellebrite to compromise the Android phone of a Serbian youth activist in December 2024.<\/p>\n\n\n\n
The attack leveraged CVE-2024-53104, CVE-2024-53197, and CVE-2024-50302 to escalate privileges and likely deploy a spyware tool known as NoviSpy.<\/p>\n\n\n\n
All three vulnerabilities, residing in the Linux kernel, were patched late last year, with Google addressing CVE-2024-53104 in its February 2025 security update.<\/p>\n\n\n\n
In its advisory, Google confirmed that both CVE-2024-43093 and CVE-2024-50302 have been exploited in “limited, targeted attacks.”<\/p>\n","protected":false},"excerpt":{"rendered":"
Google has rolled out its monthly Android Security Bulletin for March 2025, fixing 44 security vulnerabilities, including two high-severity flaws that have been actively exploited in real-world attacks. The two critical vulnerabilities are: Notably, CVE-2024-43093 was initially highlighted in Google’s November 2024 security advisory as an actively exploited flaw. The reason behind its reappearance in […]<\/p>\n","protected":false},"author":1,"featured_media":1067,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[289,16,61,285,36],"class_list":["post-364","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-android-security","tag-cybersecurity","tag-data-privacy","tag-google","tag-information-security"],"_links":{"self":[{"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/posts\/364","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/comments?post=364"}],"version-history":[{"count":1,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/posts\/364\/revisions"}],"predecessor-version":[{"id":1068,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/posts\/364\/revisions\/1068"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/media\/1067"}],"wp:attachment":[{"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/media?parent=364"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/categories?post=364"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/tags?post=364"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}