Google Warns of Two Critical Android Vulnerabilities Under Attack – Update Now!


Mar 4, 2025 - 13:56

Google has issued an urgent security alert for CVE-2024-43093 and CVE-2024-50302, two critical Android vulnerabilities actively exploited in coordinated attacks targeting devices running Android 12 through 15. 

Patched in the March 2025 Android Security Bulletin (security patch level 2025-03-05), these flaws enable attackers to bypass lock screens, escalate privileges, and execute remote code.

Forensic evidence links their exploitation to Serbian authorities using Cellebrite’s UFED tools to compromise activist devices. 

With over one billion Android devices impacted by kernel-level USB driver vulnerabilities, users must immediately verify their security patch status via Settings > About Phone > Android Version and install updates.

Two Critical Android Vulnerabilities

CVE-2024-43093: System Component Privilege Escalation

Rated CVSS 7.8, this vulnerability lets malicious apps bypass Android’s sandboxing through improper validation of inter-process communication (IPC) messages.

Attackers exploit weak permission checks in the System component to access restricted directories like Android/data and Android/sandbox, gaining unauthorized control over sensitive operations.

Patched in November 2024, the fix restricts directory permissions and validates IPC inputs. However, delayed OEM rollouts leave many devices exposed, particularly those reliant on third-party manufacturers for updates.

CVE-2024-50302: Linux Kernel HID Core Memory Leak

A critical vulnerability in the Linux kernel’s Human Interface Device (HID) subsystem, CVE-2024-50302 allows unauthenticated attackers to read uninitialized kernel memory via specially crafted USB HID reports. 

The flaw stems from the kernel’s failure to zero-initialize the report_buffer during allocation, leaking sensitive data like encryption keys or authentication tokens.

Exploited alongside CVE-2024-53104 (UVC driver overflow), Serbian authorities used this flaw in December 2024 to unlock a student activist’s device. 

Cellebrite’s Turbo Link hardware emulated malicious HID touchpads, triggering the memory leak to extract lock-screen credentials. 

Despite upstream Linux patches in kernel versions 6.1.119+, Android’s delayed integration of kernel updates leaves millions of devices exposed until OEMs deploy March 2025 patches.

Chaining of Vulnerabilities

The attacks combine three vulnerabilities into a lethal chain:

  • CVE-2024-53104: Out-of-bounds write in UVC driver (patched February 2025)
  • CVE-2024-53197: Heap overflow in USB sound drivers (upstream Linux fix pending Android integration)
  • CVE-2024-50302: HID memory leak enabling credential theft

This triad bypasses Android’s defense-in-depth protections, exploiting legacy USB drivers present since kernel 2.6.26 (2008).

Forensic logs show attackers connecting emulated USB devices (webcams, sound cards, HID touchpads) in rapid succession to trigger each vulnerability.

While Google patched CVE-2024-43093 and CVE-2024-50302 in AOSP, OEMs like Samsung and Xiaomi face weeks-long delays adapting fixes to custom skins (One UI, MIUI). 

Devices reliant on carrier approvals are particularly vulnerable. Enterprises can audit patch compliance via:

Devices returning dates earlier than 2025-03-05 remain exploitable.
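
The audit referred to above can be scripted as follows; this is an added example, not code from the original article. It assumes `adb` is installed with the devices authorised for this host and reads the standard `ro.build.version.security_patch` property; the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Android security patch levels against 2025-03-05.
REQUIRED_SPL="2025-03-05"   # patch level named in the article

# ymd DATE -> YYYYMMDD, so two patch levels compare as plain integers.
ymd() { printf '%s' "$1" | sed 's/-//g'; }

# classify_spl SPL -> prints COMPLIANT, EXPOSED or UNKNOWN.
classify_spl() {
  case "$1" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
    *) echo UNKNOWN; return 0 ;;   # empty or malformed: never assume patched
  esac
  if [ "$(ymd "$1")" -lt "$(ymd "$REQUIRED_SPL")" ]; then
    echo EXPOSED
  else
    echo COMPLIANT
  fi
}

# collect_inventory: "serial<TAB>patch_level" for each authorised adb device.
collect_inventory() {
  adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
  while read -r serial; do
    # </dev/null stops adb from swallowing the rest of the serial list.
    spl=$(adb -s "$serial" shell getprop ro.build.version.security_patch \
          </dev/null | tr -d '\r')
    printf '%s\t%s\n' "$serial" "$spl"
  done
}

# audit_inventory: reads inventory lines on stdin, prints one verdict per
# device, and returns 1 if any device is EXPOSED or UNKNOWN.
audit_inventory() {
  rc=0
  while IFS="$(printf '\t')" read -r serial spl; do
    [ -n "$serial" ] || continue
    status=$(classify_spl "$spl")
    printf '%s\t%s\t%s\n' "$serial" "$status" "${spl:-none}"
    [ "$status" = COMPLIANT ] || rc=1
  done
  return "$rc"
}

# Constructed sample inventory (not real devices) for an offline dry run.
sample_inventory() {
  printf 'EMU0001\t2025-03-05\nEMU0002\t2024-11-05\n'
  printf 'EMU0003\t\nEMU0004\t2025-04-01\n'
}

# Live use:  collect_inventory | audit_inventory
```

Devices that are attached but have not authorised the host are skipped by `collect_inventory`, so compare the output against the expected fleet list before treating a clean run as full coverage.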

Google urges all users to:

  • Immediately install updates under Settings > System > Advanced > System update.
  • Enable Google Play Protect for real-time app scanning.
  • Monitor OEM advisories for delayed patches, particularly for CVE-2024-43093.

These vulnerabilities highlight critical gaps in Android’s fragmented ecosystem, where coordinated disclosure timelines (via AOSP) clash with slow OEM responses. 

As commercial spyware operators weaponize such flaws, proactive patching remains the strongest defense against escalating privilege-based attacks.

Device security is only as robust as its latest patch. With exploitation ongoing, delaying patches increases the risk of severe data breaches and system vulnerabilities.


The post Google Warns of Two Critical Android Vulnerabilities Under Attack – Update Now! appeared first on Cyber Security News.