Google has released its monthly Android security bulletin for March 2025 to address a total of 44 vulnerabilities, two of which, according to the company, are being actively exploited in the wild.
The two high-severity vulnerabilities are listed below:
- CVE-2024-43093 – A privilege escalation flaw in the Framework component that could lead to unauthorized access to the "Android/data", "Android/obb" and "Android/sandbox" directories and their respective sub-directories.
- CVE-2024-50302 – A privilege escalation flaw in the USB HID component of the Linux kernel that could lead to a leak of uninitialized kernel memory to a local attacker through specially crafted HID reports.
It should be noted that CVE-2024-43093 was previously flagged by Google in its security advisory for November 2024 as actively exploited in the wild. It is not clear what prompted the tech giant to issue the alert a second time.
The Hacker News has contacted Google for further comment, and we will update the story if we hear back.
CVE-2024-50302, on the other hand, is one of the three vulnerabilities that were chained into a zero-day exploit devised by Cellebrite to break into the Android phone of a Serbian youth activist in December 2024.
The exploit involved the use of CVE-2024-53104, CVE-2024-53197 and CVE-2024-50302 to obtain elevated privileges and probably deploy Android spyware dubbed NoviSpy.
All three vulnerabilities reside in the Linux kernel and were patched at the end of last year. CVE-2024-53104 was addressed by Google in Android last month.
In its advisory, Google acknowledged that CVE-2024-43093 and CVE-2024-50302 have been the subject of "limited and targeted exploitation".
The Mountain View-based company has published two security patch levels, 2025-03-01 and 2025-03-05, in order to give Android partners the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly.
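To make the two patch levels concrete, the following shell sketch triages a device inventory against them; it is an added example, not code from Google or from the original article. It assumes an inventory of `serial,patch_level` lines (a constructed format with constructed sample devices) and follows the Android bulletin convention that the later level includes everything in the earlier one.

```shell
#!/bin/sh
# Patch levels named in the March 2025 bulletin (taken from the article).
PARTIAL_LEVEL="2025-03-01"
FULL_LEVEL="2025-03-05"

# Convert YYYY-MM-DD to an integer (YYYYMMDD). Fails on anything else,
# e.g. an empty value from a device that did not report a patch level.
level_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
            printf '%s\n' "$1" | tr -d '-' ;;
        *) return 1 ;;
    esac
}

# Print one of: full, partial, missing, unknown.
classify_patch_level() {
    lvl=$(level_to_int "$1") || { echo unknown; return 0; }
    if [ "$lvl" -ge "$(level_to_int "$FULL_LEVEL")" ]; then
        echo full        # both patch levels applied
    elif [ "$lvl" -ge "$(level_to_int "$PARTIAL_LEVEL")" ]; then
        echo partial     # only the 2025-03-01 subset applied
    else
        echo missing     # predates the March 2025 bulletin
    fi
}

# Read "serial,patch_level" lines on stdin and print "serial status".
triage_inventory() {
    while IFS=, read -r serial level; do
        [ -n "$serial" ] || continue
        printf '%s %s\n' "$serial" "$(classify_patch_level "$level")"
    done
}

# Constructed inventory (hypothetical serials, not real devices). On a live
# device the value comes from:
#   adb shell getprop ro.build.version.security_patch
SAMPLE_INVENTORY='emu-0001,2025-03-05
emu-0002,2025-03-01
emu-0003,2024-11-05
emu-0004,
emu-0005,2025-04-01'

printf '%s\n' "$SAMPLE_INVENTORY" | triage_inventory
```

Devices reported as `unknown` should be investigated rather than assumed patched, since an empty or malformed value usually means the inventory data is stale or the device did not answer.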