Cyber Balkans

Google Alerts Users to Critical Android Vulnerabilities Being Exploited

Google's March 2025 Android Security Bulletin flags two vulnerabilities, CVE-2024-43093 and CVE-2024-50302, as having indications of limited, targeted exploitation. CVE-2024-43093 affects Android 12 through 15; CVE-2024-50302 sits in the Linux kernel those releases ship with. Together they illustrate the exposure of the billions of Android devices that lag behind the monthly patch cycle. The bulletin urges devices to move to the 2025-03-05 security patch level, which carries both fixes along with the month's other corrections for remote code execution and privilege escalation bugs.

CVE-2024-43093 lives in the Android Framework rather than the System component: it is a bypass of the path filter in the External Storage Provider that is supposed to hide sensitive application directories on shared storage (Android/data, Android/obb and Android/sandbox) from other apps. The result is a local escalation of privilege with no additional execution privileges needed, which is why Google rated it High rather than Critical; it is not a remote code execution bug, and exploitation requires some user interaction. An app that abuses it can read or alter private files of other apps that it should never see, which is a practical foothold for data theft or for tampering with another app's state. The affected releases are Android 12, 12L, 13, 14 and 15. Google first marked the CVE as under limited, targeted exploitation in the November 2024 bulletin and repeats the warning in March 2025, so devices that have not taken the fix since then remain exposed.

The second vulnerability, CVE-2024-50302, is referenced in the bulletin as A-380395346 and is a Linux kernel bug, not a framework one. It sits in the kernel's HID core, which handles input devices such as keyboards and mice: the buffer used to receive a device's report was allocated without being zeroed, so a malicious HID device could read back leftover kernel memory. On its own that is an information leak rather than a root shell, but a kernel memory disclosure is a standard building block in a chain that ends in privilege escalation and a sandbox escape. The realistic vector is physical access: an attacker plugs a crafted USB device into a locked phone, with no tap or click needed from the user. The fix is in upstream Linux, so any device whose kernel has not picked up the patch is affected, whichever Android release it runs.

Google points to layered defenses as mitigation while patches roll out. Google Play Protect, on by default on Play-certified devices, can block known apps that try to abuse CVE-2024-43093; it offers no protection against the USB vector of the kernel bug, which never involves installing an app. Android 15 also tightens app sandboxing, which limits what an attacker can reach after a successful exploit but does not remove the bugs. Only the 2025-03-05 patch level, which bundles the month's AOSP and kernel fixes, closes both issues.

Users should check for updates regularly, avoid sideloading apps from unverified sources and keep Google Play Protect enabled. The quickest way to confirm a device's status is its security patch level, shown under Settings > About phone or readable over USB debugging with "adb shell getprop ro.build.version.security_patch"; a value of 2025-03-05 or later means both fixes are present. Google Pixel devices and major OEMs such as Samsung have shipped the update, while budget and older devices, and anything outside its support window, may stay vulnerable for much longer. Cybersecurity firm Kaspersky has reported a 300% increase in Android-focused attacks since January 2025, with CVE-2024-43093 linked to state-aligned hacking groups.

For enterprises, Google recommends strict patch policies and network segmentation for devices that cannot yet be updated. Developers are urged to audit their apps for unintended access to shared storage and other privileged paths so that a framework bug like CVE-2024-43093 has less to work with. The Android team continues to track exploitation through its Threat Analysis Group (TAG) and stresses that timely updates remain the first line of defense.
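The patch policy described above needs a way to find the devices that still lag. The following script is an added example, not code from Google or from the article: it parses the output of "adb shell getprop" (collected beforehand; the four device excerpts below are constructed, and the serials are made up) and reports which devices lack the 2025-03-05 patch level, calling out those whose Android release falls in the 12 to 15 range listed for CVE-2024-43093. The property names are the standard Android build properties; the treatment of a missing or malformed patch level as "needs update" is a design choice of this example, not bulletin guidance.

```python
"""Fleet triage against the March 2025 Android Security Bulletin patch level.

Added example, not code from Google or from the article. It parses the
output of `adb shell getprop` (gathered beforehand; the sample below is
constructed) and reports which devices still lack the 2025-03-05 security
patch level that carries the fixes for CVE-2024-43093 and CVE-2024-50302.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date

# Patch level named by the bulletin; the -05 level includes the kernel fixes.
REQUIRED_PATCH_LEVEL = date(2025, 3, 5)

# Android releases listed for CVE-2024-43093 in the bulletin's Framework table.
# Android 12L reports "12" in ro.build.version.release, so a major-version
# range of 12..15 covers 12, 12L, 13, 14 and 15.
AFFECTED_MAJOR_MIN, AFFECTED_MAJOR_MAX = 12, 15

# getprop prints one property per line: [ro.build.version.security_patch]: [2025-02-05]
_PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$")


@dataclass(frozen=True)
class DeviceStatus:
    serial: str
    release: str
    patch_level: date | None
    needs_update: bool
    reason: str


def parse_getprop(output: str) -> dict[str, str]:
    """Turn raw getprop output into a {property: value} map, skipping junk lines."""
    props: dict[str, str] = {}
    for line in output.splitlines():
        m = _PROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("val")
    return props


def parse_patch_level(value: str) -> date | None:
    """Security patch levels are ISO dates (YYYY-MM-DD); anything else is unknown."""
    try:
        return date.fromisoformat(value)
    except ValueError:
        return None


def in_affected_release_range(release: str) -> bool:
    """True if the Android major version is within 12..15 (CVE-2024-43093 range)."""
    m = re.match(r"^(\d+)", release)
    return bool(m) and AFFECTED_MAJOR_MIN <= int(m.group(1)) <= AFFECTED_MAJOR_MAX


def assess(serial: str, getprop_output: str) -> DeviceStatus:
    """Decide whether one device needs the 2025-03-05 patch level, and why."""
    props = parse_getprop(getprop_output)
    release = props.get("ro.build.version.release", "")
    patch = parse_patch_level(props.get("ro.build.version.security_patch", ""))

    if patch is None:
        # Fail closed: an unreadable patch level is treated as unpatched.
        return DeviceStatus(serial, release, None, True,
                            "security_patch property missing or malformed")
    if patch >= REQUIRED_PATCH_LEVEL:
        return DeviceStatus(serial, release, patch, False,
                            f"patch level {patch} is at or above 2025-03-05")
    if in_affected_release_range(release):
        return DeviceStatus(serial, release, patch, True,
                            f"Android {release} at patch level {patch}: exposed to "
                            f"CVE-2024-43093 and missing the CVE-2024-50302 kernel fix")
    return DeviceStatus(serial, release, patch, True,
                        f"patch level {patch} predates 2025-03-05")


def triage(fleet: dict[str, str]) -> list[DeviceStatus]:
    """Assess every device; devices needing an update sort first."""
    statuses = [assess(serial, out) for serial, out in fleet.items()]
    return sorted(statuses, key=lambda s: (not s.needs_update, s.serial))


# Constructed sample: getprop excerpts from four hypothetical devices.
SAMPLE_FLEET = {
    "R5CT1A2B3C4": "[ro.build.version.release]: [14]\n"
                   "[ro.build.version.security_patch]: [2025-02-01]\n",
    "PIXEL9X7Y8Z": "[ro.build.version.release]: [15]\n"
                   "[ro.build.version.security_patch]: [2025-03-05]\n",
    "BUDGET0001": "[ro.build.version.release]: [11]\n"
                  "[ro.build.version.security_patch]: [2023-09-05]\n",
    "KIOSK0042": "[ro.build.version.release]: [13]\n"
                 "[ro.build.version.security_patch]: []\n",
}

if __name__ == "__main__":
    for s in triage(SAMPLE_FLEET):
        flag = "UPDATE" if s.needs_update else "ok    "
        print(f"{flag} {s.serial:<12} Android {s.release or '?':<4} {s.reason}")
```

In production the getprop text would come from "adb -s SERIAL shell getprop" or from an MDM inventory export rather than the inline sample. Comparing the patch level as a parsed date, rather than as a string, keeps the check honest if a vendor ever emits a non-ISO value: such a device is flagged for follow-up instead of silently passing.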

With zero-day exploits against mobile devices becoming routine, the March 2025 Android Security Bulletin is a reminder that patch latency is the gap attackers live in. Users, developers and organizations need to stay alert, follow established mobile security practices and treat timely updates as the baseline defense against evolving threats.
