Google Patches 44 Android Flaws, 2 Exploited

Google has published the March Android Security Bulletin, which fixes 44 vulnerabilities, including two that attackers have actively exploited in real attacks.

One of these vulnerabilities, CVE-2024-43093, is a privilege escalation flaw in the Android Framework component that leads to unauthorized access to directories such as “Android/Data,” “Android/OBB,” and “Android/Sandbox” and their subdirectories. Google had already mentioned its exploitation in the November bulletin; it has now issued a new warning, for reasons that are still unknown.

The second vulnerability, CVE-2024-50302, was discovered in the HID component of the Linux kernel. It lets a local attacker read uninitialized kernel memory through specially crafted HID reports. This vulnerability was part of an exploit chain used by the Israeli company Cellebrite in December 2024 to hack a Serbian activist’s smartphone. The operation also included CVE-2024-53104 and CVE-2024-53197, which allowed privilege escalation and installation of the NoviSpy spyware.

Google confirmed that both vulnerabilities were used in “limited, targeted attacks.” While all three Linux kernel vulnerabilities were fixed towards the end of last year, CVE-2024-53104 was only closed in February 2025.

To address these issues, two separate security patch levels were issued, 2025-03-01 and 2025-03-05. This approach lets Android device manufacturers quickly fix some of the common vulnerabilities first and then extend protection in a subsequent update.
