
Google has released a security update for Android, addressing two zero-day vulnerabilities that were being actively exploited in targeted attacks.
The flaws, tracked as CVE-2024-43093 and CVE-2024-50302, were fixed in the March 2025 Android Security Bulletin, and Google is urging users to apply the patches as soon as possible.
The update comes after Amnesty International's Security Lab discovered that one of the flaws (CVE-2024-50302) had been leveraged in a recent surveillance operation in Serbia, where authorities reportedly used Cellebrite's forensic tools to unlock a student activist's phone. The vulnerability, which resided in the Linux kernel's USB HID (Human Interface Device) driver, allowed attackers to extract sensitive data from locked Android devices.
Vulnerability details
- CVE-2024-43093 – A high-severity elevation of privilege (EoP) flaw affecting Android versions 12 through 15. The vulnerability lies in the Android Framework and allows an attacker with local access to gain elevated privileges on the targeted device.
- CVE-2024-50302 – A high-severity information disclosure (ID) flaw in the HID driver of the Linux kernel, which could expose sensitive system data to attackers. This vulnerability was reportedly exploited in forensic extractions, as noted in Amnesty International's report.
These vulnerabilities were reported privately to Google by Amnesty researchers a few months ago, and patches have now been integrated into the Android Open Source Project (AOSP). Devices with a security patch level of March 5, 2025, or later are protected against these issues.
Connection to surveillance attacks
Amnesty International's previous findings highlighted that Serbian authorities had exploited zero-day vulnerabilities in Android's USB drivers to unlock and extract data from activists' devices. The Cellebrite UFED tool reportedly leveraged CVE-2024-50302 to bypass device locks.
This exploit was used in the detention of a student activist in Serbia, who was targeted following a protest in Belgrade. During his detention, forensic tools accessed his phone and attempted to install spyware.
Defense measures
Users and organizations should take the following steps to protect their devices:
- Update to the latest Android security patch (March 5, 2025, or later) to ensure protection against these vulnerabilities.
- Enable USB restrictions in security settings to prevent unauthorized data access.
- Use strong device encryption and secure lock screen settings to mitigate forensic extraction risks.
- Avoid plugging devices into untrusted USB ports or unknown computers, reducing the risk of HID-based attacks.
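As an added example (not part of the original article), a small POSIX shell script a fleet administrator could use to verify the first step above: it reads `ro.build.version.security_patch` from every device attached over adb and reports whether the device is at or past the 2025-03-05 patch level that carries the fixes for CVE-2024-43093 and CVE-2024-50302. It assumes adb is installed and USB debugging is enabled on the managed devices; the script name and `--scan` flag are my own choices.

```shell
#!/bin/sh
# Fleet check: does each attached Android device carry the March 2025
# patch level (2025-03-05 or later) that fixes CVE-2024-43093 and
# CVE-2024-50302?  Assumes adb is installed and USB debugging is enabled.
REQUIRED_PATCH="2025-03-05"

# Turn YYYY-MM-DD into the integer YYYYMMDD so two levels can be compared
# numerically. Prints nothing and returns 1 for anything that is not a date.
patch_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$1" | sed 's/-//g'
}

# Classify one patch level string. Prints PATCHED, VULNERABLE or UNKNOWN
# (UNKNOWN covers an empty or malformed ro.build.version.security_patch).
classify_patch_level() {
    have=$(patch_to_int "$1") || { echo UNKNOWN; return 0; }
    need=$(patch_to_int "$REQUIRED_PATCH")
    if [ "$have" -ge "$need" ]; then echo PATCHED; else echo VULNERABLE; fi
}

# Query one device by serial and print "serial level verdict".
check_device() {
    serial="$1"
    level=$(adb -s "$serial" shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r\n')
    printf '%s %s %s\n' "$serial" "${level:-none}" "$(classify_patch_level "$level")"
}

# Walk every device adb can see (skips the header line and offline entries).
check_all_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' | while read -r serial; do
        check_device "$serial"
    done
}

# Only run the fleet scan when asked to (keeps the functions reusable when sourced).
if [ "${1:-}" = "--scan" ]; then
    check_all_devices
fi
```

Run as `sh check_patch_level.sh --scan`; any line ending in VULNERABLE or UNKNOWN is a device to follow up on.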
While Google has now patched these zero-days, their prior use in surveillance operations highlights the ongoing risk posed by unpatched Android vulnerabilities. In this case, the zero-days were exploited for months, possibly longer, before a patch was made available.