CyberSecurity news
FlagThis
Pierluigi Paganini@Security Affairs
//
Google has released the March 2025 Android Security Bulletin, which addresses 44 vulnerabilities. Notably, the update includes patches for two zero-day flaws, identified as CVE-2024-43093 and CVE-2024-50302, that are actively being exploited in the wild. The high-severity vulnerability CVE-2024-43093 is a privilege escalation flaw in the Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories, and their respective sub-directories. CVE-2024-50302 is also a privilege escalation flaw in the HID USB component of the Linux kernel that could lead to a leak of uninitialized kernel memory to a local attacker through specially crafted HID reports.
This security update arrives after reports surfaced that Serbian authorities used one of these zero-day vulnerabilities to unlock confiscated devices. Google acknowledged that both CVE-2024-43093 and CVE-2024-50302 have come under "limited, targeted exploitation." The company has released two security patch levels to allow Android partners flexibility in addressing vulnerabilities across devices more quickly. The security patch levels are 2025-03-01 and 2025-03-05.
ImgSrc: securityaffairs
References :
This security update arrives after reports surfaced that Serbian authorities used one of these zero-day vulnerabilities to unlock confiscated devices. Google acknowledged that both CVE-2024-43093 and CVE-2024-50302 have come under "limited, targeted exploitation." The company has released two security patch levels to allow Android partners flexibility in addressing vulnerabilities across devices more quickly. The security patch levels are 2025-03-01 and 2025-03-05.
ImgSrc: securityaffairs
Share:
References :
- securityaffairs.com: Reports the release of Google's March 2025 Android security update, which addresses actively exploited zero-day vulnerabilities.
- cyberinsider.com: Google Patches Two Actively Exploited Zero-Day Flaws in Android
- The Hacker News: Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities.
- bsky.app: Google has released patches for 43 vulnerabilities in Android's March 2025 security update, including two zero-days. Serbian authorities have used one of the zero-days to unlock confiscated devices.
- Information Security Buzz: Google Issues Urgent Alert for Exploited Android Vulnerabilities
Classification:
- HashTags: #Android #SecurityUpdate #Privacy
- Company: Google
- Target: Android users
- Product: Android
- Feature: Security Update
- Type: ProductUpdate
- Severity: Major