Google has released its monthly Android Security Bulletin for March 2025, addressing a total of 44 vulnerabilities, including two that it said have been actively exploited in the wild.
The two high-severity vulnerabilities are listed below –
- CVE-2024-43093 – A privilege escalation flaw in the Framework component that could lead to unauthorized access to the "Android/data", "Android/obb" and "Android/sandbox" directories and their respective subdirectories.
- CVE-2024-50302 – A privilege escalation flaw in the HID USB component of the Linux kernel that could leak uninitialized kernel memory to a local attacker through specially crafted HID reports.
It is worth noting that CVE-2024-43093 was previously flagged by Google, in its security advisory for November 2024, as actively exploited in the wild. It is unclear what prompted the tech giant to issue the warning a second time.
The Hacker News has reached out to Google for further comment, and we will update the story when we hear back.
CVE-2024-50302, on the other hand, was part of an exploit developed by Cellebrite and used to break into a Serbian youth activist's Android device in December 2024.
The exploit involved the use of CVE-2024-53104, CVE-2024-53197 and CVE-2024-50302 to gain elevated privileges and likely deploy Android spyware called NoviSpy.
All three vulnerabilities reside in the Linux kernel and were patched late last year. CVE-2024-53104 was addressed by Google in Android last month.
In its advisory, Google acknowledged that both CVE-2024-43093 and CVE-2024-50302 have come under "limited, targeted exploitation".
The Mountain View company has released two security patch levels, 2025-01 and 2025-05, to give Android partners the flexibility to fix more quickly the portion of the vulnerabilities that are similar across all Android devices.