Google launched an urgent notice notice for CVE 2024-43093 and CVE-2024-50302.
In March 2025, in the Android security bulletin (level of the security patch 2025-03-05), these errors can allow attackers to avoid blocking, climbing and performing authorizations and carrying out a remote code.
Medical tests combine its exploitation with the Serbian authorities that use UFED tools of celibacy to influence activists.
With over a billion Android devices assigned by the weak points of the USB trunker on the kernel, users must immediately check the conditions of their security patches by configuration> information on the phone> Android version immediately and install updates.
Two weak points of Android criticism
CVE-2024-43093: climbing on the privileges of the components of the system
This vulnerability is attributed to CVSS 7.8 and allows the harmful applications of omitting Android sand boxes due to the inadequate validation of IPC messages (communication between the processes).
Interfravers uses low authorization checks in the system component to access limited directory such as Android / Data and Android / Sandbox, which obtain unauthorized control over sensitive operations.
The limited solution in November 2024 limited the authorizations of the Board of Directors and confirms the entry of the IPC. However, the deployment of the OEM late has many fans exposed, in particular those that depend on third -party manufacturers to obtain updates.
CVE-2024-50302: Linux-Kernel-Kentichen-Reck
Critical security in the HID subsystem (human interface) of the Linux ship, CVE-2024-50302, allows the unauthenticated attackers to read the unborn core space through special hydro-USB report.
The error is based on the failure of the nucleus so as not to initialize the Tampon_ report during the allowance and publish confidential data, such as the encryption key or authentication token.
The Serbian authorities were used with CVE-2024-53104 (Overflow of the UVC controller) and used this error in December 2024 to unlock the device of a student activist.
The turbo-valuantly equipment has emulated intelligent tactile pads and triggers the loss of memory to extract the connection information on the lock screen.
Despite the front of the Linux patch in the versions of the 6.1.119+ nucleus, the late integration of the basic replicas caused millions of devices until the OEM was used in the 2025 patches of March.
Vulnerability
The attacks combine three weaknesses in a fatal chain:
CVE-2024-53104: Write outside the UVC controller (Pathers in February 2025)
CVE-2024-53197: Battery overflow in the USB audio controllers (in Monte-Linux-Fixe for Android integration)
CVE-2024-50302: HYD Intelligent
This triad transmits the protection of Android defense to the depths and uses the hereditary USB controller, which was present of the 2.6.26 (2008) nucleus.
The forensic protocols show the attackers who combine emulated USB devices (web cameras, sound letters, hidden rollers) in a rapid consequence to trigger any vulnerability.
While Google Cve-2024-43093 and CVE-2024-50302 have accused AOP, OEM such as Samsung and Xiaomi are weekly delays in adapting personalized masks corrections (iu, Miui).
The devices that depend on the vectors are particularly sensitive. Companies can respect the compliance of the patch:
The devices that refer to data before 2025-03-05 are always recognizable.
Google calls all users to:
Install updates in the configuration> System> Extension> System update immediately.
Google Active Play Protect for real exploration applications. Look at OEM queries for delayed corrections, in particular for CVE-2024-43093.
These weak points underline the criticisms of the fragmented Android ecosystem, in which the coordinated distribution calendar (via AOSP) plays with lens OEM reactions.
As a commercial spyware operator, these faults still have the strongest proactive defense weapons against attacks of intense privileges.
The safety of the devices is robust as the latest patch. Due to continuous exploitation, the delay in corrections increases the potential of serious data injuries and the twilight of the system.
