Google’s urgent security alert addressing two critical Android vulnerabilities, CVE-2024-43093 and CVE-2024-50302, highlights the risks faced by devices running Android versions 12 through 15. The vulnerabilities, patched in the March 2025 Android Security Bulletin, have the potential to allow attackers to bypass lock screens, escalate privileges, and execute remote code.
The first vulnerability, CVE-2024-43093, with a CVSS score of 7.8, is a privilege escalation flaw in the System component. It allows malicious applications to bypass Android’s sandboxing by exploiting weak permission checks in the System component, granting unauthorized control over sensitive operations. Although Google flagged this vulnerability in November last year and released a patch, delayed rollouts by OEMs have left numerous devices exposed.
The second vulnerability, CVE-2024-50302, is a memory leak in the Linux kernel’s HID core and poses a critical threat to devices. The flaw in the kernel’s HID subsystem enables unauthenticated actors to read uninitialized kernel memory through specially crafted USB HID reports. Because the report_buffer is not zero-initialized during allocation, sensitive data such as encryption keys or authentication tokens can leak.
Reports suggest that Serbian authorities have actively exploited these vulnerabilities to compromise activist devices using Cellebrite’s UFED tools. The attacks chain multiple vulnerabilities together, including the out-of-bounds write in the UVC driver and the heap overflow in USB sound drivers, ultimately enabling credential theft through the HID memory leak. This combination targets legacy USB drivers present since kernel 2.6.26, allowing attackers to bypass Android’s defense mechanisms.
The impact of these vulnerabilities extends to over a billion Android devices, and delayed patch rollouts on devices with custom OEM skins leave them vulnerable. Google advises users to install updates promptly, enable Google Play Protect, and monitor OEM advisories for delayed patches to mitigate risks. Enterprises should verify patch compliance by ensuring devices return a security patch date of 2025-03-05 or later.
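One way to run the patch-date check described above across a device inventory, as an added example that is not taken from Google's bulletin or from the original article. The `device_id,patch_level` input format and the sample device names are assumptions; `ro.build.version.security_patch` is the Android system property that holds the patch level.

```shell
#!/bin/sh
# Added example: check Android patch levels against the bulletin baseline.
REQUIRED_PATCH="2025-03-05"   # patch date the article says devices must report

# Status 0: level is YYYY-MM-DD and >= REQUIRED_PATCH
# Status 1: well-formed but older than the baseline
# Status 2: missing or malformed (cannot be verified, so not compliant)
patch_status() {
    ps_level=$1
    case "$ps_level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    # ISO dates order correctly as integers once the dashes are removed.
    ps_have=$(printf '%s' "$ps_level" | tr -d '-')
    ps_need=$(printf '%s' "$REQUIRED_PATCH" | tr -d '-')
    [ "$ps_have" -ge "$ps_need" ]
}

# Reads "device_id,patch_level" lines on stdin (assumed export format).
# Prints one line per device that fails; status 0 only if all devices pass.
audit_inventory() {
    ai_failed=0
    while IFS=, read -r ai_device ai_level; do
        [ -n "$ai_device" ] || continue
        # Strip CR and spaces that spreadsheet or MDM exports often leave behind.
        ai_level=$(printf '%s' "$ai_level" | tr -d '\r ')
        patch_status "$ai_level" && ai_rc=0 || ai_rc=$?
        case $ai_rc in
            0) ;;
            1) echo "$ai_device OUTDATED $ai_level"; ai_failed=1 ;;
            *) echo "$ai_device UNKNOWN ${ai_level:-<none>}"; ai_failed=1 ;;
        esac
    done
    return "$ai_failed"
}

# Constructed sample inventory; the device names are made up.
# On a live device the value comes from:
#   adb shell getprop ro.build.version.security_patch
audit_inventory <<'EOF' || echo "devices above do not meet $REQUIRED_PATCH"
pixel-lab-01,2025-03-05
tablet-kiosk-07,2024-11-01
handset-field-12,
EOF
```

A device that reports no patch level, or one in an unexpected format, is listed as UNKNOWN rather than passed, so gaps in the inventory surface as findings.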
Security experts emphasize the urgent need for a cohesive approach to security updates in the Android ecosystem to ensure timely patch deployment across devices. The fragmented nature of the ecosystem, with various manufacturers and carriers, poses challenges in patch distribution, leaving many devices exposed to potential threats.
The perpetual cat-and-mouse game between software vendors and cybercriminals underscores the importance of swift patching and maintaining good security hygiene. Unpatched devices present ample opportunities for attackers to exploit vulnerabilities for data theft, spyware, or further attacks. Individuals and businesses must prioritize applying updates promptly and consider implementing mobile device management solutions to enforce security policies.
In conclusion, the disclosure of these Android vulnerabilities serves as a reminder of the ever-evolving landscape of cybersecurity, requiring diligence from all stakeholders to stay ahead of emerging threats. Collaboration between Google, OEMs, and carriers is crucial to ensure the swift and comprehensive distribution of patches to safeguard Android users from potential exploits.