Google March Android Security Update fixes two high severity vulnerabilities — update now

Android 12 — (Image credit: quietbits/Shutterstock)

The March 2025 release of the Android Security Bulletin not only addresses 44 total vulnerabilities — it also patches two active high-severity vulnerabilities that have come under exploitation in the wild. According to Google, CVE-2024-43093 and CVE-2024-50302 have both come under “limited, targeted exploitation” and in response, the company has released two security patch levels.

The two security patch levels are 2025-03-01 and 2025-03-05 which are intended to give flexibility and to quickly address a portion of similar vulnerabilities across all Android devices.

The two high-severity vulnerabilities are both privilege escalation flaws; CVE-2024-43092 is a privilege escalation flaw in the Framework component that could allow unauthorized access in directories or subdirectories, while CVE-2024-50302 is a privilege escalation flaw in the HID USB component of the Linux kernel that could leak to uninitialized kernel memory to a local attacker through specially crafted HID reports.

Article continues below

More from Tom's Guide

Any Contract Length

12 Months Contracts

Showing 4 of 4 deals

Filters☰

McAfee+ Premium - Unlimited Devices

$49.99

View

McAfee+ Premium - Unlimited Devices

$49.99

View

Amber Bouman was the senior security editor at Tom's Guide where she wrote about antivirus software, home security, identity theft and more. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.