Google has issued an urgent security alert addressing two critical Android vulnerabilities, CVE-2024-43093 and CVE-2024-50302, which are actively being exploited in coordinated attacks targeting devices running Android versions 12 through 15.
The vulnerabilities, patched in the March 2025 Android Security Bulletin (security patch level 2025-03-05), could allow malicious actors to bypass lock screens, escalate privileges, and execute remote code.
Details of the Vulnerabilities
CVE-2024-43093: System Component Privilege Escalation: This vulnerability, with a CVSS score of 7.8, allows malicious applications to bypass Android’s sandboxing through improper validation of inter-process communication (IPC) messages. Attackers can exploit weak permission checks in the System component to gain unauthorized control over sensitive operations. This vulnerability was flagged by Google in November last year, and although a patch was released at the time, delayed rollouts by OEMs have left many devices exposed.
CVE-2024-50302: Linux Kernel HID Core Memory Leak: This critical vulnerability in the Linux kernel’s Human Interface Device (HID) subsystem allows unauthenticated actors to read uninitialized kernel memory via specially crafted USB HID reports. The flaw results from the kernel’s failure to zero-initialize the report_buffer during allocation, potentially leaking sensitive data like encryption keys or authentication tokens.
Exploitation and Chaining of Vulnerabilities
According to Cyber Security News, forensic evidence indicates that Serbian authorities have exploited these vulnerabilities, using Cellebrite’s UFED tools to compromise activist devices. The attacks involve chaining three vulnerabilities together:
- CVE-2024-53104: Out-of-bounds write in UVC driver (patched February 2025)
- CVE-2024-53197: Heap overflow in USB sound drivers (upstream Linux fix pending Android integration)
- CVE-2024-50302: HID memory leak enabling credential theft
This combination allows bad actors to bypass Android’s defense mechanisms by exploiting legacy USB drivers present since kernel 2.6.26 (2008). Attackers connect emulated USB devices in rapid succession to trigger each vulnerability.
Impact and Mitigation
Over a billion Android devices are potentially impacted by these kernel-level USB driver vulnerabilities. While Google has released patches in AOSP, delays in adapting these fixes to custom OEM skins, such as Samsung’s One UI and Xiaomi’s MIUI, have left devices vulnerable. Devices dependent on carrier approvals are particularly at risk.
Google urges all users to take the following actions:
- Immediately install updates via Settings > System > Advanced > System update.
- Enable Google Play Protect for real-time app scanning.
- Monitor OEM advisories for delayed patches, especially for CVE-2024-43093.
Enterprises can audit patch compliance by verifying that devices return a security patch date of 2025-03-05 or later.
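One way to run the compliance check described above, as an added example that is not part of the original article. The CSV layout, column names and device entries are constructed for illustration, and the patch_level column is assumed to hold each device's ro.build.version.security_patch value. Missing or malformed values are reported separately rather than treated as patched.

```python
import csv
import io
import re
from datetime import date

# Patch level named in the article as the minimum compliant value.
REQUIRED_PATCH_LEVEL = date(2025, 3, 5)
_PATCH_RE = re.compile(r"\d{4}-\d{2}-\d{2}")

# Constructed sample inventory (not real devices). The patch_level column is
# assumed to hold the ro.build.version.security_patch value, e.g. collected via
#   adb shell getprop ro.build.version.security_patch
SAMPLE_INVENTORY = """\
device_id,model,patch_level
dev-001,Pixel 8,2025-03-05
dev-002,Galaxy S23,2025-02-01
dev-003,Redmi Note 12,2025-03-01
dev-004,Pixel 7,2025-04-05
dev-005,Unknown tablet,
dev-006,Legacy phone,March 2025
"""


def classify(patch_level):
    """Return 'compliant', 'outdated' or 'unknown' for one patch-level string."""
    value = (patch_level or "").strip()
    if not _PATCH_RE.fullmatch(value):
        return "unknown"  # missing or malformed: fail closed, never assume patched
    try:
        level = date.fromisoformat(value)
    except ValueError:  # right shape but not a real date, e.g. 2025-13-40
        return "unknown"
    return "compliant" if level >= REQUIRED_PATCH_LEVEL else "outdated"


def audit(inventory_csv):
    """Group device IDs from a CSV export by compliance status."""
    report = {"compliant": [], "outdated": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        report[classify(row.get("patch_level"))].append(row["device_id"])
    return report


if __name__ == "__main__":
    for status, devices in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(devices) or '-'}")
```
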
The Peril in Our Pockets
“Google’s disclosure of CVE-2024-43093 and CVE-2024-50302 serves as a stark reminder of the perils lurking in our pockets,” comments Javvad Malik, Lead Security Awareness Advocate at KnowBe4. “These vulnerabilities, affecting over a billion Android devices, highlight the importance of deploying patches in a timely manner.”
Malik says the involvement of Serbian authorities and Cellebrite’s UFED tools in exploiting these vulnerabilities adds a layer of complexity in that it blurs the lines between state-sponsored surveillance and cybercrime.
“The real challenge lies in the fragmented nature of the Android ecosystem,” he explains. “With dozens of manufacturers and carriers, patching becomes a logistical nightmare, leaving countless devices vulnerable long after fixes are available. Unfortunately, many cheaper Android devices running older versions of the operating system can’t be updated at all.”
Malik says this incident highlights an urgent need for a more cohesive approach to security updates in the Android world. “Google, OEMs, and carriers must pull together to ensure patches reach users swiftly, regardless of device or location.”
A Cat and Mouse Game
“Google’s warning about these new Android vulnerabilities is yet another reminder of the constant cat-and-mouse game between software vendors and cybercriminals,” adds Adam Pilton, Senior Cybersecurity Consultant at CyberSmart. “Attackers are always looking for weaknesses, and unpatched devices present a major opportunity. These vulnerabilities, particularly those that allow privilege escalation, could be exploited to take full control of a device—turning it into a gateway for data theft, spyware, or further attacks.”
Pilton says that, for businesses and individuals, this reinforces the importance of swift patching and maintaining good security hygiene. “While Google and device manufacturers work to release fixes, end users must take responsibility by applying updates as soon as they become available. Organizations should also consider mobile device management (MDM) solutions to enforce security policies, ensuring devices don’t remain vulnerable. This isn’t just a technical issue; it’s a stark reminder of how reliant we are on software security and how crucial it is to stay ahead of emerging threats.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.