
Update Alert: Google Warns of Critical Android Vulnerabilities Under Exploit

Google’s March 2025 Android Security Bulletin has unveiled two critical vulnerabilities—CVE-2024-43093 and CVE-2024-50302—currently under limited, targeted exploitation.

These flaws, impacting Android versions 12 through 15, underscore escalating risks for billions of devices.

The bulletin mandates the immediate installation of the 2025-03-05 security patch, which resolves remote code execution and privilege escalation threats.

Critical System Vulnerability: CVE-2024-43093

The most severe flaw, CVE-2024-43093, resides in Android’s System component and permits remote code execution (RCE) without requiring additional user privileges.

Attackers exploiting this vulnerability could seize full device control, exfiltrate sensitive data, or deploy malware silently. Rated “Critical” due to its low complexity and high impact, the flaw affects Android 12, 12L, 13, 14, and 15.

Google’s internal tracking ID A-341680936 links to patches released to the Android Open Source Project (AOSP), though exploit attempts have already bypassed initial mitigations.

Devices unpatched beyond March 5, 2025, remain acutely vulnerable, particularly those with delayed OEM updates.

Privilege Escalation Flaw: CVE-2024-50302

CVE-2024-50302, tracked as A-380395346, enables local escalation of privileges (EoP) within the Android framework.

This high-severity vulnerability allows attackers with physical access—or those leveraging malware—to gain root privileges, bypassing sandbox protections.

The flaw stems from improper access controls in upstream Linux kernel subsystems (HID), impacting devices running Android 10 and later.

Google emphasizes that while exploitation requires user interaction, social engineering tactics (e.g., phishing links or rogue apps) could trigger the flaw.

Partners received patches a month before public disclosure, but delays in manufacturer rollout cycles leave many devices exposed.

Mitigations and Protections

Google’s blog post highlights layered defenses:

  1. Google Play Protect, enabled by default on 2.5 billion devices, now blocks apps attempting to exploit these CVEs.
  2. Android 15’s enhanced sandboxing restricts lateral movement post-exploitation.
  3. March 2025 patches address all vulnerabilities in AOSP and kernel subsystems.

Despite these measures, users are urged to:

  • Check for updates: Navigate to Settings > Security > Security Updates.
  • Avoid sideloading apps: Unverified APKs risk introducing exploit code.
  • Enable Google Play Protect: Activate via Google Play Store > Settings.

Major OEMs like Samsung and Google Pixel have already deployed patches, but budget and older devices face prolonged vulnerability windows.

Cybersecurity firm Kaspersky reports a 300% spike in Android-focused attacks since January 2025, with CVE-2024-43093 linked to state-aligned hacking groups.

Google recommends enterprises enforce strict patch policies and network segmentation for unpatched devices. For developers, auditing apps for unintended privilege access remains critical.
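The patch-level check above can be scripted across a fleet. This is an added example, not code from Google or the bulletin: it classifies devices by their `ro.build.version.security_patch` property against the 2025-03-05 level named in this article. The function names, device serials and inventory format are assumptions, and the sample inventory is constructed.

```shell
#!/bin/sh
# Added example: flag Android devices below the 2025-03-05 patch level.
REQUIRED_LEVEL="2025-03-05"   # level named in the article

# Print PATCHED, OUTDATED or UNKNOWN for one reported patch level.
patch_status() {
    level=$(printf '%s' "$1" | tr -d '\r ')   # adb output can end in CR
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;           # empty or malformed value
    esac
    # YYYY-MM-DD compares correctly as an integer once dashes are dropped.
    have=$(printf '%s' "$level" | sed 's/-//g')
    need=$(printf '%s' "$REQUIRED_LEVEL" | sed 's/-//g')
    if [ "$have" -ge "$need" ]; then echo PATCHED; else echo OUTDATED; fi
}

# Read "serial patch_level" lines on stdin; print "serial level verdict".
audit_inventory() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        level=$(printf '%s' "$level" | tr -d '\r')
        printf '%s %s %s\n' "$serial" "${level:-missing}" "$(patch_status "$level")"
    done
}

# Build the inventory from attached devices (needs adb and authorised
# USB debugging). </dev/null stops adb from swallowing the loop's stdin.
collect_from_adb() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        printf '%s %s\n' "$serial" \
            "$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null)"
    done
}

# Constructed sample inventory (serials are made up).
sample_inventory() {
    printf '%s\n' 'PIXEL-LAB-01 2025-03-05' 'TABLET-LAB-02 2025-03-01' \
        'PHONE-LAB-03 2024-12-05' 'KIOSK-LAB-04'
}

if [ "${1:-}" = "--adb" ]; then
    collect_from_adb | audit_inventory
else
    sample_inventory | audit_inventory
fi
```

Run it with `--adb` to audit attached devices instead of the sample. A device that reports no patch level is listed as UNKNOWN rather than silently passing.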

The Android team continues monitoring exploitation via Threat Analysis Group (TAG) and urges users to “prioritize updates as their first line of defense”.

With zero-day exploits proliferating, the March 2025 bulletin marks a pivotal moment for mobile security—one demanding swift, global action.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
