Google Fixed Two Actively Exploited Android Flaws in March 2025 Security Update
In a significant move to address the growing security concerns, Google has released its March 2025 Android update, which patches over 40 vulnerabilities, including two actively exploited flaws. These updates are designed to provide a safer and more secure experience for users of Android devices.
Two Flaws Actively Exploited in Attacks in the Wild
The Android March 2025 security update addresses two particularly concerning vulnerabilities: CVE-2024-43093 and CVE-2024-50302. These flaws have been actively exploited in attacks in the wild, highlighting the urgent need for users to apply these updates as soon as possible.
CVE-2024-43093: A Privilege Escalation Vulnerability
CVE-2024-43093 is a Privilege Escalation Vulnerability in Android Framework. This flaw arises from a bug in ExternalStorageProvider.java, which allows attackers to bypass file path filters meant to block access to sensitive directories due to improper Unicode normalization. Successful exploitation of this issue could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2024-50302: A Linux Kernel Vulnerability
CVE-2024-50302 is a Linux kernel vulnerability that was fixed by zero-initializing the HID report buffer during allocation to prevent potential kernel memory leaks. This patch aims to address a critical issue in the Linux kernel, which could have significant security implications for Android users.
Attacks Exploiting Vulnerabilities
Last year, the Security Lab provided evidence of a Cellebrite zero-day exploit chain to industry partners, leading Google to identify three vulnerabilities. While details about the attacks exploiting these vulnerabilities are not yet publicly available, it is clear that users must take proactive steps to protect themselves from potential threats.
Other Patched Vulnerabilities
In addition to the two actively exploited flaws, the Android March 2025 security update addresses over 40 other vulnerabilities. Among them, CVE-2024-53104 was patched in the February 2025 update, while CVE-2024-53197 and CVE-2024-50302 (with a CVSS score of 5.5) were patched in the Linux kernel but not yet in Android.
Amnesty International Reveals Vulnerability Use
Recently, Amnesty International revealed that the vulnerability CVE-2024-50302 was likely used by Cellebrite’s mobile forensic tools to unlock the Android phone of a Serbian student activist. This highlights the potential risks associated with zero-day exploits and underscores the importance of timely security updates.
Critical Vulnerabilities in System Component
The Android March 2025 security update also addresses ten critical vulnerabilities in the System component, which could lead to remote code execution with no additional execution privileges needed. This is considered one of the most severe issues in the update and requires immediate attention from users.
Conclusion
In conclusion, Google's March 2025 Android update represents a significant effort to address the growing security concerns in the mobile ecosystem. By applying these updates, users can significantly reduce their risk of falling victim to attacks that exploit actively exploited vulnerabilities. It is essential for all users to stay informed about the latest security patches and to prioritize their device's software updates.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon