Google has published fixes for 43 vulnerabilities in Android's March 2025 security update, including two zero-days exploited in targeted attacks.
Serbian authorities used one of the zero-days, a high-severity information disclosure vulnerability (CVE-2024-50302) in the Linux kernel's Human Interface Device (HID) driver, to unlock confiscated devices.
The flaw is said to have been exploited as part of an Android zero-day exploit chain developed by Israeli digital forensics company Cellebrite to unlock confiscated devices.
The exploit chain, which also includes a USB Video Class zero-day (CVE-2024-53104) patched last month and an ALSA USB-sound driver zero-day, was found by Amnesty International's Security Lab in mid-2024 while analyzing logs found on a device unlocked by Serbian authorities.
Google told BleepingComputer last week that it had shared fixes for these flaws with OEM partners in January.
“We were aware of these vulnerabilities and exploitation risks before these reports and quickly developed fixes for Android. The fixes were shared with OEM partners in a partner advisory on January 18,” a Google spokesperson told BleepingComputer.
The second zero-day patched this month (CVE-2024-43093) is an Android Framework privilege escalation vulnerability that lets local attackers access sensitive directories through a file path filter bypass caused by incorrect Unicode normalization, without needing additional execution privileges or user interaction.
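The page does not describe the Android Framework code behind CVE-2024-43093, so the following is an added, constructed illustration of the general bug class (validating a path before it is canonicalized, so the filter and the file system see different strings), not the Android code or the actual exploit; the protected directory, file names and both functions are hypothetical.

```python
import posixpath
import unicodedata
from typing import Optional

# Hypothetical sensitive directory that the path filter is meant to protect.
PROTECTED_DIR = "/data/protected"


def _is_protected(path: str) -> bool:
    """Return True if `path` (after lexical ../ collapsing) lands inside PROTECTED_DIR."""
    canon = posixpath.normpath(path)
    return canon == PROTECTED_DIR or canon.startswith(PROTECTED_DIR + "/")


def resolve_vulnerable(user_path: str) -> Optional[str]:
    """Wrong order: the filter inspects the raw string, then a lower layer
    NFKC-normalizes it before opening the file. Returns the path that would
    actually be opened, or None if the filter denied the request."""
    if _is_protected(user_path):
        return None
    # Later layer canonicalizes: U+FF0F (fullwidth solidus) becomes "/",
    # so a segment that looked like "..<U+FF0F>protected" turns into "../protected".
    return posixpath.normpath(unicodedata.normalize("NFKC", user_path))


def resolve_hardened(user_path: str) -> Optional[str]:
    """Correct order: canonicalize fully first, then filter exactly the
    string that will be handed to the file system."""
    canonical = posixpath.normpath(unicodedata.normalize("NFKC", user_path))
    if _is_protected(canonical):
        return None
    return canonical


if __name__ == "__main__":
    # Constructed sample inputs: a benign path, a plain traversal attempt that
    # the filter catches, and the same traversal using the fullwidth solidus.
    samples = [
        "/data/public/readme.txt",
        "/data/public/../protected/secret.db",
        "/data/public/..\uff0fprotected/secret.db",
    ]
    for p in samples:
        print(repr(p), "vulnerable ->", resolve_vulnerable(p),
              "| hardened ->", resolve_hardened(p))
```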
This month's Android security updates also address 11 vulnerabilities that could allow attackers to gain remote code execution on vulnerable devices.
Google has published two sets of security patches, the 2025-03-01 and 2025-03-01 security patch levels. The latter ships with all the fixes from the first batch plus patches for closed-source third-party and kernel components, which may not apply to all Android devices.
Google Pixel devices receive the updates immediately, while other vendors often take longer to test and tailor the security patches to their hardware configurations.
Manufacturers may also prioritize the earlier patch set to ship updates faster, which does not necessarily indicate an increased exploitation risk.
In November, the company patched another Android zero-day (CVE-2024-43047), first flagged as exploited by Google Project Zero in October 2024 and used by the Serbian government in NoviSpy spyware attacks targeting the Android devices of activists, journalists, and protesters.