Google Patches 44 Android Vulnerabilities in March 2025 Update, Two Actively Exploited

Google has released its March 2025 Android Security Bulletin, addressing 44 security flaws, including two high-severity vulnerabilities that have been actively exploited in the wild.

Two Actively Exploited Vulnerabilities:

  • CVE-2024-43093 – A privilege escalation flaw in the Android Framework that allows unauthorized access to the "Android/data", "Android/obb", and "Android/sandbox" directories, along with their subdirectories. (Previously flagged in November 2024.)
  • CVE-2024-50302 – A privilege escalation flaw in the HID USB component of the Linux kernel that lets a local attacker leak uninitialized kernel memory through specially crafted HID reports.

CVE-2024-50302 Linked to Cellebrite Exploit

This vulnerability was part of a zero-day exploit chain used by Cellebrite in December 2024 to hack a Serbian youth activist’s Android phone. The exploit involved:

  • CVE-2024-53104
  • CVE-2024-53197
  • CVE-2024-50302

These flaws, all residing in the Linux kernel, were patched late last year, with CVE-2024-53104 addressed in Android’s February 2025 update.

Google’s Response & Patch Deployment

Google confirmed that both CVE-2024-43093 and CVE-2024-50302 were subjected to "limited, targeted exploitation." To facilitate timely patching, the company has released two security patch levels, 2025-03-01 and 2025-03-05, allowing Android partners to prioritize fixes for widely shared vulnerabilities across devices.