Google’s March 2025 Android Security Bulletin: 44 Vulnerabilities, 2 Under Active Exploitation

March 2025 Android Security Bulletin: A Wake-Up Call for Android Users

The latest Android Security Bulletin for March 2025 has dropped, and it’s a doozy. Google has identified a whopping 44 vulnerabilities, including two high-severity bugs that have already been exploited in the wild. Yes, you read that right – exploited. It’s time to take a closer look at what’s going on and what you can do to keep your Android device safe.

The Two High-Severity Vulnerabilities

The two vulnerabilities that have caught our attention are CVE-2024-43093 and CVE-2024-50302. The first one, CVE-2024-43093, was previously flagged by Google in November 2024 as actively exploited in the wild. It’s unclear what prompted the tech giant to issue the alert a second time, but it’s clear that this vulnerability is a priority.

The second vulnerability, CVE-2024-50302, is part of a zero-day exploit used by Cellebrite to break into an Android phone belonging to a Serbian youth activist in December 2024. This exploit, which involved chaining three vulnerabilities together, allowed the attackers to gain elevated privileges and likely deploy an Android spyware dubbed NoviSpy.

The Linux Kernel Connection

All three vulnerabilities used in the zero-day exploit reside in the Linux kernel and were patched late last year. CVE-2024-53104, one of the vulnerabilities used in the exploit, was addressed by Google in Android last month. This highlights the importance of keeping your device’s software up to date, as these vulnerabilities were already fixed before they were exploited.

Limited, Targeted Exploitation

Google has acknowledged that both CVE-2024-43093 and CVE-2024-50302 have come under “limited, targeted exploitation.” This means that the attacks are not widespread, but they are still a concern for Android users.

What You Can Do

So, what can you do to keep your Android device safe? Here are a few actionable insights:

  • Make sure your device is running the latest software. Google has released two security patch levels, 2025-03-01 and 2025-03-05, so that Android partners have the flexibility to fix more quickly the subset of vulnerabilities that is similar across all Android devices.
  • Keep an eye on your device’s security updates. Google’s advisory has acknowledged that both CVE-2024-43093 and CVE-2024-50302 have come under limited, targeted exploitation.
  • Consider using an application security posture management (ASPM) tool, which brings code and live data together for easy security.
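
To act on the first point across more than one device, the sketch below classifies a reported patch level against the two March 2025 levels. It is an added example, not part of Google's bulletin or tooling. It assumes the bulletin convention that a level of 2025-03-05 or later covers both levels; the device names and inventory are constructed.

```shell
#!/bin/sh
# On a real device the patch level can be read with:
#   adb shell getprop ro.build.version.security_patch
# The inventory below is constructed sample data: "<device-id> <patch level>".
SAMPLE_INVENTORY='pixel-lab-01 2025-03-05
tablet-kiosk-07 2025-03-01
phone-field-12 2024-11-05
scanner-03 unknown
phone-exec-02 2025-04-01'

# Print FULL, PARTIAL, BEHIND or UNKNOWN for one YYYY-MM-DD patch level.
classify_patch_level() {
    level=$1
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "UNKNOWN"; return 0 ;;   # missing or malformed value
    esac
    # ISO dates order correctly as integers once the dashes are dropped.
    n=$(printf '%s' "$level" | tr -cd '0-9')
    if [ "$n" -ge 20250305 ]; then
        echo "FULL"      # at or past 2025-03-05: both March levels applied
    elif [ "$n" -ge 20250301 ]; then
        echo "PARTIAL"   # only the 2025-03-01 level applied
    else
        echo "BEHIND"    # predates the March 2025 bulletin
    fi
}

# Read inventory lines on stdin; print every device that is not FULL.
audit_inventory() {
    while read -r id level || [ -n "$id" ]; do
        [ -n "$id" ] || continue
        status=$(classify_patch_level "$level")
        [ "$status" = "FULL" ] || printf '%s %s %s\n' "$id" "${level:-none}" "$status"
    done
}

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

Devices reported as UNKNOWN deserve the same follow-up as BEHIND ones, since a missing value says nothing about what is installed.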

Conclusion

The March 2025 Android Security Bulletin is a wake-up call for Android users. With 44 vulnerabilities identified, including two high-severity bugs that have already been exploited in the wild, it’s clear that security is a top priority. By keeping your device’s software up to date and being aware of the latest security threats, you can help keep your Android device safe.

Summary

  • Google has released its March 2025 Android Security Bulletin, addressing 44 vulnerabilities, including two high-severity bugs that have been exploited in the wild.
  • The two high-severity vulnerabilities, CVE-2024-43093 and CVE-2024-50302, have come under limited, targeted exploitation.
  • Android users should make sure their device is running the latest software and keep an eye on security updates to stay safe.