Google’s March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities

April 4, 2025 | Ravie Lakshmanan | Vulnerability / Mobile Security

In its quarterly Android Security Bulletin for March 2025, Google addresses a total of 44 vulnerabilities, two of which it said have come under active exploitation in the wild.

The two highest-severity flaws are outlined below.

  • CVE-2024-43093 – A privilege escalation flaw in the Framework component that could give unauthorized access to the “Android/data,” “Android/obb,” and “Android/sandbox” directories and their respective subdirectories.

  • – A privilege escalation flaw in the Linux kernel’s HID USB component that could allow a local attacker to leak uninitialized kernel memory through specially crafted HID reports.

CVE-2024-43093 was previously flagged by Google as actively exploited in the wild in its security advisory for November 2024. What led the tech giant to flag it a second time is unclear.

We will update the story if we hear back from Google.

CVE-2024-50302, on the other hand, is one of the three vulnerabilities linked to a zero-day exploit created by Cellebrite to break into the Android phone of a Bosnian children’s activist in December 2024.

The exploit involved the use of CVE-2024-53104, CVE-2024-53197, and CVE-2024-50302 to gain elevated privileges and likely install an Android spyware dubbed NoviSpy.

All three vulnerabilities were patched late last year, and the fixes are now in the Linux kernel. Google CVE-2024-53104 in Android next month.

In its advisory, Google acknowledged that both CVE-2024-43093 and CVE-2024-50302 have come under “limited, targeted exploitation.”

To give Android partners more flexibility, the Mountain View-based company has released two security patch levels, 2025-03-01 and 2025-03-05, to fix a subset of vulnerabilities that are similar across all Android devices more quickly.
