Google on Monday announced fixes for more than 40 vulnerabilities in Android,
warning that two of the issues are actively exploited in the wild.

The exploited flaws include CVE-2024-43093, a bypass of a file path filter in
the Framework component that could lead to privilege escalation, and
CVE-2024-50302, a zero-initialize issue with the report buffer in Linux kernel
that could lead to memory leaks.

GoogleΓÇÖs March 2025 Android security bulletin warns ΓÇ£there are
indicationsΓÇ¥ that these security defects ΓÇ£may be under limited, targeted
exploitationΓÇ¥, without providing further information on the observed attacks.

This is the second time Google warns of CVE-2024-43093 being exploited in the
wild without sharing additional details, after rolling out fixes for it as part
of the November 2024 Android update.

According to a recent Amnesty International report, CVE-2024-50302 was likely
exploited as a zero-day by CellebriteΓÇÖs mobile forensic tools to bypass the
lockscreen of the Android phone of a Serbian student activist.

The first part of this monthΓÇÖs Android update, which arrives on devices as the
2025-03-01 security patch level, contains fixes for 30 vulnerabilities: nine in
Framework and 21 in System.

Of the bugs resolved in System, 10 are critical-severity issues, including eight
that could lead to remote code execution. The remaining two could be exploited
to elevate privileges and cause a denial-of-service (DoS) condition,
respectively.

ΓÇ£The most severe of these issues is a critical security vulnerability in the
System component that could lead to remote code execution with no additional
execution privileges needed,ΓÇ¥ Google notes.

Advertisement. Scroll to continue reading.

The second part of the update arrives on devices as the 2025-03-05 security
patch level, addressing all the flaws above, vulnerabilities resolved with
previous updates, and 13 additional security defects in Kernel, MediaTek, and
Qualcomm components.

On Monday, Google also published an Android Wear OS security bulletin, which
details two security defects. Updating devices to a security patch level of
2025-03-01 also resolves the vulnerabilities patched in Android this month.

While there were no Android Automotive OS security patches released this month,
users are advised to update to a security patch level of 2025-03-01, which
contains this monthΓÇÖs Android fixes.

https://www.securityweek.com/google-patches-p...
n-android/

--- BBBS/LiR v4.10 Toy-7
 * Origin: TCOB1: https/binkd/telnet binkd.rima.ie (618:500/1)