Google has released its March 2025 Android Security Bulletin, addressing a total of 44 vulnerabilities, including two that have been actively exploited: CVE-2024-43093 and CVE-2024-50302.
Details on the vulnerabilities
CVE-2024-43093 is a privilege escalation flaw in the Framework component, which can lead to unauthorized access to “Android/data,” “Android/obb,” and “Android/sandbox” directories, including their sub-directories. The second vulnerability, CVE-2024-50302, affects the HID USB component of the Linux kernel and may allow local attackers to leak uninitialized kernel memory via specially crafted HID reports.
Google previously flagged CVE-2024-43093 as actively exploited in the wild in its November 2024 security advisory; the reason for issuing the alert again remains unclear. CVE-2024-50302 was part of a zero-day exploit chain used by Cellebrite to compromise an Android phone belonging to a Serbian youth activist in December 2024. That chain used three vulnerabilities (CVE-2024-53104, CVE-2024-53197, and CVE-2024-50302) to gain elevated privileges and deploy the spyware known as NoviSpy. All three vulnerabilities were patched by Google late last year, with CVE-2024-53104 addressed as recently as last month.
In its security advisory, Google noted that both CVE-2024-43093 and CVE-2024-50302 have been subject to “limited, targeted exploitation.” The company has provided two security patch levels, 2025-03-01 and 2025-03-05, allowing Android partners to address certain vulnerabilities more swiftly.
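A quick way for administrators to check whether a device has picked up the March 2025 levels is to read its `ro.build.version.security_patch` property and compare it against 2025-03-01 and 2025-03-05. The script below is an added example, not code from Google or the bulletin; it assumes `adb` is available for a live read (it falls back to a constructed sample value otherwise) and follows the bulletin convention that the 2025-03-05 level includes everything in the 2025-03-01 level.

```shell
#!/bin/sh
# Added example: classify an Android security patch level against the
# two March 2025 bulletin levels. Not part of Google's bulletin.
REQUIRED_PARTIAL="2025-03-01"   # first March 2025 patch level
REQUIRED_FULL="2025-03-05"      # second level; covers all bulletin fixes

# to_num YYYY-MM-DD -> YYYYMMDD, so ISO dates compare as integers
to_num() {
  printf '%s' "$1" | tr -d -
}

# patch_status LEVEL -> prints "full", "partial", "missing" or "invalid"
patch_status() {
  level="$1"
  # ro.build.version.security_patch is YYYY-MM-DD; reject anything else
  case "$level" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
    *) echo invalid; return 1 ;;
  esac
  n=$(to_num "$level")
  if [ "$n" -ge "$(to_num "$REQUIRED_FULL")" ]; then
    echo full        # both actively exploited CVEs and all other March fixes
  elif [ "$n" -ge "$(to_num "$REQUIRED_PARTIAL")" ]; then
    echo partial     # 2025-03-01 level only; 2025-03-05 fixes still pending
  else
    echo missing     # pre-March 2025 level
  fi
}

# Read the live value from a connected device when adb is available;
# otherwise use a constructed sample value so the script runs offline.
device_level() {
  lvl=""
  if command -v adb >/dev/null 2>&1; then
    lvl=$(adb shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r')
  fi
  [ -n "$lvl" ] || lvl="2025-02-01"   # constructed sample value
  printf '%s\n' "$lvl"
}

main() {
  lvl=$(device_level)
  status=$(patch_status "$lvl" || true)
  printf 'security_patch=%s -> %s\n' "$lvl" "$status"
}
main
```

Run it with a device attached over USB debugging to see the live value; a result of "partial" on a Samsung device is consistent with the vendor shipping only the 2025-03-01 level described below.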
While fixes for both vulnerabilities will become available for Pixel devices within days, Samsung’s March security release only includes the fix for CVE-2024-43093. This patch has been issued again, but the reasons for its re-emergence this month are unclear. Given the nature of CVE-2024-50302, there is a risk that it could affect Galaxy devices, but Samsung’s updates typically experience a delayed rollout.
Given these vulnerabilities, the U.S. cyber defense agency is expected to mandate that federal employees update their Android devices or stop using them, especially in light of the recently reported attacks in Europe. Google’s update includes numerous critical system fixes, many relevant to devices running Android 15. Most Pixels will receive these updates, while within Samsung’s ecosystem only the new Galaxy S25 and some A Series phones currently run Android 15. Samsung’s update will incorporate 11 critical fixes.
Given the significant lag in the Android 15 update schedule, sources suggest that Samsung may bypass versions One UI 7.1 and 7.1.1 to launch One UI 8.0 directly, as Android 16, which will drive One UI 8, is currently in beta testing on Pixel devices.
Additional updates and features
The March 2025 update also enhances Google Play Services to version 25.08, improving login reliability for younger users. Changes to Google Wallet will expand its availability to additional countries, enabling more users to access digital payment methods on phones and Wear OS devices.
The Google Play Store update introduces new features, including game genre topic pages for easier exploration of different game types and a new install bar feature that streamlines the app installation process.
The rollout of the March 2025 Google Play system update may take time to reach all users, including Samsung Galaxy phone owners. Installing updates promptly is the best way to mitigate the risks described above.
Featured image credit: Kerem Gülen/Ideogram