Android’s Latest Update Crushes 40+ Security Threats

 

Google Announces Fixes for Android Vulnerabilities

Google kicked off the week with an announcement that it has addressed over 40 vulnerabilities in Android, with two of these issues currently being exploited. The tech giant has not provided any further details about the attacks, but has issued a warning that these security defects may be under targeted exploitation.

Exploited Flaws: A Closer Look

The exploited flaws are CVE-2024-43093, a bypass of a file path filter in the Framework component that could lead to privilege escalation, and CVE-2024-50302, a missing zero-initialization of the report buffer in the Linux kernel that could lead to leaks of kernel memory. This is the second time Google has warned that CVE-2024-43093 is being exploited, having previously rolled out fixes for it in the November 2024 Android update.

Amnesty International Report Highlights Exploitation

A recent Amnesty International report suggested that CVE-2024-50302 was likely exploited as a zero-day by Cellebrite’s mobile forensic tools to bypass the lockscreen of a Serbian student activist’s Android phone.

The March 2025 Android Security Update: What it Includes

The first part of the March 2025 Android update, referred to as the 2025-03-01 security patch level, includes fixes for 30 vulnerabilities. These include nine in the Framework and 21 in the System. Of the bugs resolved in the System, 10 are critical-severity issues, including eight that could lead to remote code execution. The remaining two could be exploited to elevate privileges and cause a denial-of-service (DoS) condition.

Google’s Stance on the Most Severe Issue

“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed,” Google states.

Second Part of the Update: Additional Fixes

The second part of the update, known as the 2025-03-05 security patch level, addresses all the flaws mentioned above, vulnerabilities resolved with previous updates, and 13 additional security defects in Kernel, MediaTek, and Qualcomm components.
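
As an added example (not taken from Google's bulletin or from this article), the shell functions below sort a device's reported patch level into the two tiers described above. They assume the level comes from the `ro.build.version.security_patch` system property; the function names and the sample inventory are hypothetical.

```shell
#!/bin/sh
# Added example: map an Android security patch level to the March 2025 tiers.
# Tier boundaries come from the article; names and sample data are assumptions.

FULL_LEVEL=20250305     # 2025-03-05: adds the Kernel, MediaTek, Qualcomm fixes
PARTIAL_LEVEL=20250301  # 2025-03-01: Framework and System fixes only

# classify_patch_level YYYY-MM-DD -> prints full | partial | missing | invalid
classify_patch_level() {
    # adb output can end in a carriage return; strip CR and blanks first.
    level=$(printf '%s' "$1" | tr -d '\r \t')
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;   # empty, "unknown", truncated, etc.
    esac
    num=$(printf '%s' "$level" | tr -d '-')   # 2025-03-05 -> 20250305
    if [ "$num" -ge "$FULL_LEVEL" ]; then
        echo full
    elif [ "$num" -ge "$PARTIAL_LEVEL" ]; then
        echo partial
    else
        echo missing
    fi
}

# audit_inventory: reads "serial patch-level" lines on stdin and prints
# "serial status" for every device that is not at the full level.
audit_inventory() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        status=$(classify_patch_level "$level")
        [ "$status" = full ] || printf '%s %s\n' "$serial" "$status"
    done
}

# Live device (needs adb and an authorised device, so not run here):
#   classify_patch_level "$(adb shell getprop ro.build.version.security_patch)"

# Constructed sample inventory, not real devices.
audit_inventory <<'EOF'
DEV-A 2025-03-05
DEV-B 2025-03-01
DEV-C 2024-11-05
DEV-D unknown
EOF
```

The patch level is a string reported by the installed build, so a `partial` or `missing` result identifies devices to update and an `invalid` one identifies devices to inspect by hand.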

Android Wear OS Security Bulletin

On the same day, Google also released an Android Wear OS security bulletin, which details two security defects. Updating devices to a security patch level of 2025-03-01 also resolves the vulnerabilities patched in Android this month.

Recommendations for Android Automotive OS Users

While there were no Android Automotive OS security patches released this month, users are advised to update to a security patch level of 2025-03-01, which contains this month’s Android fixes.
