Google has published its March 2025 Android Security Bulletin, addressing a total of 44 vulnerabilities. Two of these, both rated high severity, have been flagged as actively exploited in the wild. This ongoing risk underlines the need for business owners to stay vigilant about their cybersecurity posture.

The first vulnerability, identified as CVE-2024-43093, pertains to privilege escalation within the Android Framework. This flaw allows unauthorized access to critical directories such as “Android/data,” “Android/obb,” and “Android/sandbox,” along with their respective subdirectories. Such access could lead to significant data exposure, posing a direct risk to operational security for organizations leveraging Android devices.

The second vulnerability, CVE-2024-50302, affects the HID USB component of the Linux kernel. This issue could allow a local attacker to leak uninitialized kernel memory through maliciously crafted Human Interface Device (HID) reports. Both vulnerabilities highlight significant entry points that could be exploited by threat actors, particularly those aimed at unauthorized access and privilege escalation.

Interestingly, CVE-2024-43093 had been flagged by Google in its November 2024 security advisory, indicating that it had already been under active exploitation. The reissuing of alerts underscores the ongoing threat landscape and the evolving nature of exploit techniques, although the specific rationale for this renewed alert remains unclear.

Notably, CVE-2024-50302 was linked to a zero-day exploit chain used by Cellebrite to compromise an Android device belonging to a Serbian youth activist in December 2024. The chain combined multiple vulnerabilities, namely CVE-2024-53104, CVE-2024-53197, and CVE-2024-50302, to escalate privileges and potentially deploy sophisticated spyware like NoviSpy, further illustrating the risks associated with mobile security vulnerabilities.

Google has acknowledged the existence of “limited, targeted exploitation” for these vulnerabilities in its advisory, drawing a clear line between general threats and specific attacks that could affect businesses relying on Android ecosystems. In response to these vulnerabilities, the company released two separate security patch levels for the month of March to assist Android partners in rapidly addressing these widespread risks across devices.
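To act on the two patch levels, a fleet owner can triage devices by the security patch level each one reports (the `ro.build.version.security_patch` property). The sketch below is an added example, not code from Google or the bulletin; it assumes the March levels use Android's usual `2025-03-01` (partial) and `2025-03-05` (complete) strings, which this article does not state, and the inventory is constructed sample data.

```python
from datetime import date

# Assumption: Android bulletins publish a partial "-01" level and a complete
# "-05" level each month; these two strings are not given in the article.
PARTIAL_LEVEL = date(2025, 3, 1)
COMPLETE_LEVEL = date(2025, 3, 5)


def parse_patch_level(value):
    """Parse a security patch level string (YYYY-MM-DD); None if unusable."""
    try:
        return date.fromisoformat(value.strip())
    except (ValueError, AttributeError):
        return None


def classify(patch_level):
    """Return complete / partial / missing / unknown for one reported level."""
    level = parse_patch_level(patch_level)
    if level is None:
        return "unknown"   # device did not report a usable value: investigate
    if level >= COMPLETE_LEVEL:
        return "complete"  # carries every fix in the March bulletin
    if level >= PARTIAL_LEVEL:
        return "partial"   # first patch level only; second-level fixes absent
    return "missing"       # predates the March bulletin entirely


def triage(inventory):
    """Group device ids by patch status so the riskiest can be handled first."""
    report = {"complete": [], "partial": [], "missing": [], "unknown": []}
    for device_id, patch_level in inventory:
        report[classify(patch_level)].append(device_id)
    return report


# Constructed sample inventory: (device id, reported security patch level).
SAMPLE_INVENTORY = [
    ("pixel-8-finance-01", "2025-03-05"),
    ("galaxy-a54-sales-07", "2025-03-01"),
    ("pixel-6-warehouse-03", "2024-11-05"),
    ("tablet-kiosk-12", ""),
    ("pixel-9-exec-02", "2025-04-05"),
]

if __name__ == "__main__":
    for status, devices in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9} {', '.join(devices) or '-'}")
```

Devices in the "partial" group still need checking against the bulletin to see which patch level carries each of the two exploited CVEs.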

For business owners, the implications of these vulnerabilities cannot be overstated. The tactics and techniques associated with these exploits map to the MITRE ATT&CK framework, illustrating potential attack vectors related to initial access, persistence, and privilege escalation. Given the technical nature of these vulnerabilities, organizations must prioritize updating their systems while reinforcing their overall cybersecurity strategies to defend against potential incursions.

The phrasing of certain updates following Google’s support underscores an adaptive response to persistent threats. As the cybersecurity landscape continues to evolve, remaining informed and proactive is vital to minimizing risks.

(The story was updated post-publication to incorporate Google’s feedback.)
