Google has released a new security update for Android, addressing two actively exploited vulnerabilities, CVE-2024-43093 and CVE-2024-50302. The company also patched 41 other vulnerabilities, including 11 high-severity flaws that could lead to remote code execution.
The most severe vulnerability, CVE-2024-43093, carries a CVSS score of 7.8 and allows attackers to gain local escalation of privilege without additional execution privileges. It was added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog in November.
Google has released two patch levels for Android: 2025-03-01 and 2025-03-05. The latest patch includes fixes for a trio of high-severity flaws affecting the kernel, MediaTek components, and Qualcomm components.
Pixel device users will receive the latest security updates shortly, while other Android manufacturers may release patches at a slower pace due to customized operating system updates. Source code patches have been released to the Android Open Source Project repository, encouraging partners to fix all issues in their monthly security bulletins.
Source: https://cyberscoop.com/android-security-update-march-2025