Google’s March 2025 Android Safety Bulletin has unveiled two important vulnerabilities—CVE-2024-43093 and CVE-2024-50302—presently beneath restricted, focused exploitation.
These flaws, impacting Android variations 12 via 15, underscore escalating dangers for billions of gadgets.
The bulletin mandates the fast set up of the 2025-03-05 safety patch, which resolves distant code execution and privilege escalation threats.
Essential System Vulnerability: CVE-2024-43093
Essentially the most extreme flaw, CVE-2024-43093, resides in Android’s System element and permits distant code execution (RCE) with out requiring further consumer privileges.
Attackers exploiting this vulnerability might seize full gadget management, exfiltrate delicate information, or deploy malware silently. Rated “Essential” because of its low complexity and excessive influence, the flaw impacts Android 12, 12L, 13, 14, and 15.
Google’s inside monitoring ID A-341680936 hyperlinks to patches launched to the Android Open Supply Mission (AOSP), although exploit makes an attempt have already bypassed preliminary mitigations.
Units unpatched past March 5, 2025, stay acutely susceptible, notably these with delayed OEM updates.
Privilege Escalation Flaw: CVE-2024-50302
CVE-2024-50302, tracked as A-380395346, allows native escalation of privileges (EoP) throughout the Android framework.
This high-severity vulnerability permits attackers with bodily entry—or these leveraging malware—to achieve root privileges, bypassing sandbox protections.
The flaw stems from improper entry controls in upstream Linux kernel subsystems (HID), impacting gadgets operating Android 10 and later.
Google emphasizes that whereas exploitation requires consumer interplay, social engineering techniques (e.g., phishing hyperlinks or rogue apps) might set off the flaw.
Companions acquired patches a month earlier than public disclosure, however delays in producer rollout cycles go away many gadgets uncovered.
Mitigations and Protections
Google’s weblog put up highlights layered defenses:
- Google Play Shield, enabled by default on 2.5 billion gadgets, now blocks apps trying to use these CVEs.
- Android 15’s enhanced sandboxing restricts lateral motion post-exploitation.
- March 2025 patches tackle all vulnerabilities in AOSP and kernel subsystems.
Regardless of these measures, customers are urged to:
- Examine for updates: Navigate to Settings > Safety > Safety Updates.
- Keep away from sideloading apps: Unverified APKs threat introducing exploit code.
- Allow Google Play Shield: Activate by way of Google Play Retailer > Settings.
Main OEMs like Samsung and Google Pixel have already deployed patches, however finances and older gadgets face extended vulnerability home windows.
Cybersecurity agency Kaspersky studies a 300% spike in Android-focused assaults since January 2025, with CVE-2024-43093 linked to state-aligned hacking teams.
Google recommends enterprises implement strict patch insurance policies and community segmentation for unpatched gadgets. For builders, auditing apps for unintended privilege entry stays important.
The Android crew continues monitoring exploitation by way of Risk Evaluation Group (TAG) and urges customers to “prioritize updates as their first line of protection”.
With zero-day exploits proliferating, the March 2025 bulletin marks a pivotal second for cellular safety—one demanding swift, world motion.
Are you from SOC/DFIR Groups? – Analyse Malware Incidents & get dwell Entry with ANY.RUN -> Begin Now for Free.