Monday, March 10, 2025

Google’s March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities


Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exploitation in the wild.

The two high-severity vulnerabilities are listed below:

  • CVE-2024-43093 – A privilege escalation flaw in the Framework component that could result in unauthorized access to “Android/data,” “Android/obb,” and “Android/sandbox” directories, and their respective sub-directories.
  • CVE-2024-50302 – A privilege escalation flaw in the HID USB component of the Linux kernel that could lead to a leak of uninitialized kernel memory to a local attacker through specially crafted HID reports.

It is worth noting that CVE-2024-43093 was previously flagged by Google in its security advisory for November 2024 as actively exploited in the wild. It is not clear what prompted the tech giant to issue the alert a second time.


The Hacker News has reached out to Google for further comment, and we will update the story if we hear back.

CVE-2024-50302, on the other hand, is one of the three vulnerabilities that were chained into a zero-day exploit devised by Cellebrite to break into a Serbian youth activist’s Android phone in December 2024.


The exploit involved the use of CVE-2024-53104, CVE-2024-53197, and CVE-2024-50302 to gain elevated privileges and likely deploy an Android spyware dubbed NoviSpy.

All three vulnerabilities reside in the Linux kernel and were patched late last year. CVE-2024-53104 was addressed by Google in Android last month.


In its advisory, Google said that both CVE-2024-43093 and CVE-2024-50302 have come under “limited, targeted exploitation.”

The Mountain View-based company has released two security patch levels, 2025-03-01 and 2025-03-05, to give Android partners the flexibility to more quickly address a portion of vulnerabilities that are similar across all Android devices.
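To check devices against the two patch levels named above, the following added example (not part of the original article or Google's bulletin) classifies a reported patch level string. It assumes the bulletin convention that the later level includes every fix in the earlier one; the function names and the inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify Android security patch levels against the March 2025 bulletin.
# On a real device the value comes from:
#   adb shell getprop ro.build.version.security_patch
PARTIAL_LEVEL="2025-03-01"   # first patch level named in the bulletin
FULL_LEVEL="2025-03-05"      # second level; assumed to include everything in the first

# Print "complete", "partial", "outdated" or "invalid" for one patch level string.
classify_patch_level() {
    level=$1
    # Accept only YYYY-MM-DD; anything else (empty, "unknown", junk) is invalid.
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;
    esac
    # ISO dates sort lexicographically, so the first line out of sort is the earlier date.
    if [ "$(printf '%s\n%s\n' "$level" "$FULL_LEVEL" | sort | head -n 1)" = "$FULL_LEVEL" ]; then
        echo complete
    elif [ "$(printf '%s\n%s\n' "$level" "$PARTIAL_LEVEL" | sort | head -n 1)" = "$PARTIAL_LEVEL" ]; then
        echo partial
    else
        echo outdated
    fi
}

# Read "device_id patch_level" lines on stdin; print every device that is not complete.
audit_inventory() {
    while read -r device level; do
        [ -n "$device" ] || continue
        status=$(classify_patch_level "$level")
        [ "$status" = complete ] || echo "$device $status"
    done
}

# Constructed sample inventory (hypothetical device names, not real data).
sample_inventory() {
    cat <<'EOF'
pixel-lab-01 2025-03-05
tablet-qa-02 2025-03-01
phone-dev-03 2024-11-05
kiosk-04 unknown
EOF
}

sample_inventory | audit_inventory
```

A device reported as "partial" is at 2025-03-01 or later but below 2025-03-05, so it carries only the first level's portion of the fixes.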
