
Google has patched over 40 vulnerabilities in Android, including two that are currently being exploited.
These vulnerabilities pose significant security risks, including privilege escalation and memory leaks, potentially exposing users to cyberattacks.
The fixes, detailed in Google’s March 2025 Android security bulletin, are crucial for maintaining device security, especially as one of the exploited flaws had already been addressed in a previous update but continues to be a threat.
The Big Picture
The two actively exploited vulnerabilities are:
- CVE-2024-43093: A flaw in the Framework component that allows attackers to bypass a file path filter, leading to privilege escalation.
- CVE-2024-50302: A report buffer in the Linux kernel that was not zero-initialized, which could lead to memory leaks.
Google has indicated that both vulnerabilities have been used in targeted attacks, but the company has not disclosed further details about the exploits.
Vulnerabilities Patched
The March 2025 security update consists of two patch levels:
- 2025-03-01 Security Patch Level: Fixes 30 vulnerabilities, including nine in the Framework and 21 in the System component. Ten of these issues are classified as critical, including eight remote code execution vulnerabilities.
- 2025-03-05 Security Patch Level: Includes all previous fixes and addresses 13 additional security flaws in Kernel, MediaTek, and Qualcomm components.
The Bottom Line
Users are advised to update their devices to at least the 2025-03-01 security patch level to ensure protection against the latest threats.
With cybercriminals actively exploiting vulnerabilities, keeping Android devices up to date is critical for security. Google’s latest patches address multiple high-risk flaws, emphasizing the ongoing need for vigilance against evolving threats.
Users should regularly check for updates and apply them promptly to safeguard their data and privacy.
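One way to check a device inventory against the two patch levels described above, as an added example that is not from Google's bulletin or Security Week. The device serials and the inventory format are constructed, and the script assumes patch levels are cumulative, so a later date includes all earlier fixes:

```shell
#!/bin/sh
# Added example: classify Android security patch levels against the two
# March 2025 levels. Assumes patch levels are cumulative (a later date
# includes all earlier fixes). On a live device the value comes from:
#   adb shell getprop ro.build.version.security_patch

# patch_status LEVEL -> prints ok | missing-2025-03-05 | missing-2025-03-01 | invalid
patch_status() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "invalid"; return 0 ;;
    esac
    y=${1%%-*}; rest=${1#*-}
    n="$y${rest%-*}${rest#*-}"          # 2025-03-01 -> 20250301
    if [ "$n" -lt 20250301 ]; then
        echo "missing-2025-03-01"       # no March 2025 fixes at all
    elif [ "$n" -lt 20250305 ]; then
        echo "missing-2025-03-05"       # lacks Kernel/MediaTek/Qualcomm fixes
    else
        echo "ok"
    fi
}

# audit_inventory: reads "SERIAL LEVEL" lines on stdin and prints every
# device that is not at 2025-03-05 or later, with the reason.
audit_inventory() {
    while read -r serial level rest_of_line; do
        case "$serial" in ''|'#'*) continue ;; esac
        status=$(patch_status "$level")
        [ "$status" = "ok" ] || printf '%s %s %s\n' "$serial" "${level:-none}" "$status"
    done
}

# Constructed sample inventory (serials are made up).
sample_inventory() {
    cat <<'EOF'
# serial  patch-level
DEV0001 2025-03-05
DEV0002 2025-03-01
DEV0003 2024-11-05
DEV0004 2025-04-01
DEV0005 unknown
EOF
}

sample_inventory | audit_inventory
```

Devices reported as `invalid` should be treated as unpatched until their patch level can be read.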
Source: Security Week