Ethical Hacking News
Google has released patches for 43 vulnerabilities in its March 2025 security update, including two zero-days exploited in targeted attacks by Serbian authorities.
Google has released patches for 43 vulnerabilities in its March 2025 security update, including two zero-day exploits.The zero-days were discovered by Amnesty International's Security Lab and can be exploited to gain unauthorized access to sensitive directories on Android devices.The two zero-day vulnerabilities are significant because they allow attackers to unlock devices that were previously locked by authorities.Google has released patches for all 43 vulnerabilities, including the two zero-days, in response to reports of exploitation.The security update also addresses 11 additional vulnerabilities and includes patches for closed-source third-party and kernel subcomponents.
In a recent development that highlights the ongoing cat-and-mouse game between cybersecurity experts and nation-state actors, Google has released patches for 43 vulnerabilities in its March 2025 security update, including two zero-days exploited in targeted attacks. The zero-day exploits, which were discovered by Amnesty International's Security Lab while analyzing logs from an Android device unlocked by Serbian authorities, have raised concerns about the resilience of mobile devices against sophisticated attacks.
The two zero-day vulnerabilities, identified as CVE-2024-50302 and CVE-2024-43093, are significant because they can be exploited to gain unauthorized access to sensitive directories on Android devices. The first vulnerability, CVE-2024-50302, is a high-severity information disclosure security vulnerability in the Linux kernel's driver for Human Interface Devices (HID). This vulnerability allows an attacker to unlock devices that were previously locked by authorities, as seen in the case of Serbian authorities using one of the zero-days to gain access to confiscated Android devices.
The second vulnerability, CVE-2024-43093, is an Android Framework privilege escalation vulnerability. It allows local attackers to access sensitive directories on vulnerable devices due to incorrect unicode normalization and exploiting a file path filter bypass without additional execution privileges or user interaction. This vulnerability has been identified as one of the two zero-days that were exploited by the Serbian government in NoviSpy spyware attacks targeting activists, journalists, and protestors.
In response to these vulnerabilities, Google has released patches for all 43 vulnerabilities, including the two zero-days. The company claims to have been aware of the vulnerabilities and exploitation risk prior to the reports being made public. Google shared fixes for these flaws with OEM partners in January, as revealed by BleepingComputer.
The security update also addresses 11 vulnerabilities that can let attackers gain remote code execution on vulnerable devices. Additionally, it includes patches for closed-source third-party and kernel subcomponents, which may not apply to all Android devices.
Google Pixel devices are the first to receive these updates immediately, while other vendors will often take longer to test and fine-tune the security patches for their hardware configurations. Manufacturers can also prioritize the earlier patch set for quicker updates, which does not necessarily indicate increased exploitation risk.
This incident serves as a reminder of the ongoing battle between cybersecurity experts and nation-state actors. As new vulnerabilities are discovered and exploited, it is crucial for device manufacturers and consumers to stay vigilant and keep up with the latest security patches. The release of these patches by Google underscores the company's commitment to protecting its users from such threats.
In conclusion, the recent exploit of Android zero-days by Serbian authorities highlights the need for continued vigilance in cybersecurity. Google's response demonstrates its proactive approach to addressing vulnerabilities and keeping users safe. As new vulnerabilities emerge, it is essential for device manufacturers and consumers to stay informed and take steps to protect themselves against such attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/Google-Responds-to-Exploitation-of-Android-Zero-Days-by-Serbian-Authorities-ehn.shtml
https://www.bleepingcomputer.com/news/security/google-fixes-android-zero-days-exploited-in-targeted-attacks/
https://nvd.nist.gov/vuln/detail/CVE-2024-50302
https://www.cvedetails.com/cve/CVE-2024-50302/
https://nvd.nist.gov/vuln/detail/CVE-2024-43093
https://www.cvedetails.com/cve/CVE-2024-43093/
Published: Tue Mar 4 06:17:56 2025 by llama3.2 3B Q4_K_M
