Google’s March 2025 Android Security Bulletin has unveiled two critical vulnerabilities—CVE-2024-43093 and CVE-2024-50302—currently under limited, targeted exploitation. These flaws affect Android versions 12 to 15, posing increasing risks for billions of devices.
The bulletin requires the immediate installation of the 2025-03-05 security patch to address remote code execution and privilege escalation vulnerabilities.
By F2
/ Tuesday , June 24 2025
The U.S. House of Representatives has banned congressional staff from using WhatsApp on government devices due to security concerns, as...
Read More
By F2
/ Tuesday , June 24 2025
Kaspersky found a new mobile malware dubbed SparkKitty in Google Play and Apple App Store apps, targeting Android and iOS....
Read More
By F2
/ Tuesday , June 24 2025
OWASP has released its AI Testing Guide, a framework to help organizations find and fix vulnerabilities specific to AI systems....
Read More
By F2
/ Tuesday , June 24 2025
In a major milestone for the country’s digital infrastructure, Axentec PLC has officially launched Axentec Cloud, Bangladesh’s first Tier-4 cloud...
Read More
By infosecbulletin
/ Monday , June 23 2025
A hacking group reportedly linked to Russian government has been discovered using a new phishing method that bypasses two-factor authentication...
Read More
By infosecbulletin
/ Wednesday , June 18 2025
Russian cybersecurity experts discovered the first local data theft attacks using a modified version of legitimate near field communication (NFC)...
Read More
By infosecbulletin
/ Tuesday , June 17 2025
Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal...
Read More
By infosecbulletin
/ Tuesday , June 17 2025
GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel's IKE affecting UDP port 500. The attack centers around CVE-2023-28771,...
Read More
By infosecbulletin
/ Tuesday , June 17 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in its Known Exploited Vulnerabilities (KEV)...
Read More
By infosecbulletin
/ Monday , June 16 2025
SafetyDetectives’ Cybersecurity Team discovered a public post on a clear web forum in which a threat actor claimed to have...
Read More
Two Critical Android Vulnerabilities
CVE-2024-43093: System Component Privilege Escalation:
This vulnerability, rated CVSS 7.8, allows malicious apps to bypass Android’s sandboxing due to improper validation of inter-process communication (IPC) messages. Attackers can exploit weak permission checks in the System component to access restricted directories, such as Android/data and Android/sandbox, gaining unauthorized control over sensitive operations.
The November 2024 patch restricts directory permissions and validates IPC inputs, but many devices remain vulnerable due to slow updates from OEMs, especially those depending on third-party manufacturers.
CVE-2024-50302: Linux Kernel HID Core Memory Leak
A severe vulnerability in the Linux kernel’s Human Interface Device (HID) subsystem, identified as CVE-2024-50302, enables unauthenticated attackers to access uninitialized kernel memory through specially crafted USB HID reports.
The issue arises because the kernel does not zero-initialize the report_buffer during allocation, allowing sensitive data like encryption keys or authentication tokens to be exposed. In December 2024, Serbian authorities exploited this vulnerability, along with CVE-2024-53104 (UVC driver overflow), to unlock a student activist’s device.
Kaspersky reports a 300% increase in Android attacks since January 2025, with CVE-2024-43093 associated with state-sponsored hackers.
CISA adds Cisco and Windows vulns as actively exploited