Google March Android Security Update fixes two high severity vulnerabilities — update now

News
By published

And both have been exploited in the wild.

Android 12
(Image credit: quietbits/Shutterstock)

The March 2025 release of the Android Security Bulletin not only addresses 44 total vulnerabilities — it also patches two active high-severity vulnerabilities that have come under exploitation in the wild. According to Google, CVE-2024-43093 and CVE-2024-50302 have both come under “limited, targeted exploitation” and in response, the company has released two security patch levels.

The two security patch levels are 2025-03-01 and 2025-03-05 which are intended to give flexibility and to quickly address a portion of similar vulnerabilities across all Android devices.

The two high-severity vulnerabilities are both privilege escalation flaws; CVE-2024-43092 is a privilege escalation flaw in the Framework component that could allow unauthorized access in directories or subdirectories, while CVE-2024-50302 is a privilege escalation flaw in the HID USB component of the Linux kernel that could leak to uninitialized kernel memory to a local attacker through specially crafted HID reports.

The first vulnerability, CVE-2024-43092, has been previously flagged by Google as being actively exploited in a November 2024 advisory; however, there are no details as to why the alert was issued for a second time.

The second vulnerability, CVE-2024-50302, is one of three that was used in a zero-day exploit in December 2024 to break into a Serbian youth activist's Android phone. This exploit levied three other vulnerabilities (in this case, CVE-2024-53104, CVE-2024-53197, CVE-2024-50302) to gain elevated privileges and deploy Android spyware dubbed NoviSpy.

These three vulnerabilities reside in the Linux kernel and were patched last year, with CVE-2024-53104 being addressed by Google in the Android Security update last month.

More from Tom's Guide

Network
Arrow
Intego
Norton
Contract Length
Arrow
Showing 2 of 2 deals
Filters
Arrow
Intego
Mac Premium Bundle
View
75% off - 1st year
Norton
Norton 360 Deluxe
$119.99
View
See more Computing News
Amber Bouman
Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Google Pixel 9 held in the hand.
Google just fixed a zero-day kernel flaw used by hackers and 47 other vulnerabilities — update your Android phone right now
How to disable the Windows key
Microsoft patches over 160 security flaws including 3 active zero days — update your PC right now
Windows
240 million Windows 10 users are vulnerable to six different hacker exploits — protect yourself now
iPhone 16 Pro shown held in hand
Apple just patched its first zero-day flaw of the year — update your iPhone and Mac right now
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
Green skull on smartphone screen.
Over 1 million Android devices infected with password-stealing, pre-installed botnet malware — how to stay safe
Latest in Online Security
23andME box
23andMe has declared bankruptcy — here's how to delete your data now
A magnifying glass on top of the Steam logo in a web browser
Valve just pulled a malicious game demo spreading info-stealing malware from Steam
A man filing his taxes electronically on a laptop
AI-powered tax scams are here - how to stay safe from deepfakes, phishing and more this tax season
MacBook Pro 2023
New Mac attack is tricking users into thinking their computer is locked — how to stay safe
Hacker using a stolen social security card
Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Latest in News
A first look at Amazon's Fallout TV series coming to Prime Video
‘Fallout’ season 3 plans are reportedly being made — while season 2 is still filming
Surface Laptop 7 from the front
Amazon just gave Surface Laptop 7 a 'frequently returned' label — here's what's going on
New emojis with iOS 18.4 beta release.
iOS 18.4 beta brings 8 new emoji to your iPhone — here's all the new options
23andME box
23andMe has declared bankruptcy — here's how to delete your data now
half-life alyx
Latest Half-Life 3 rumors point to a 2025 release — and maybe pigs will fly
NFL Sunday Ticket logo for YouTube
NFL Sunday Ticket 2025 pricing revealed — and it's bad news
More about online security
23andME box

23andMe has declared bankruptcy — here's how to delete your data now

A man filing his taxes electronically on a laptop

AI-powered tax scams are here - how to stay safe from deepfakes, phishing and more this tax season
Two members of our review team photographed during a pressure relief test on the Saatva Classic mattress, with one typing notes into a laptop and the other measuring the amount of sinkage caused by a 56lb cast iron weight being dropped into the middle of the Saatva Classic mattress

People with this bed type are most satisfied with their mattress — and it’s not what we expected
See more latest