
Google patches 40 vulnerabilities in Android, 2 actively exploited


Tada Images / Shutterstock.com

Google has patched over 40 vulnerabilities in Android, two of which are actively being exploited in the wild. The update is divided into two parts. The first launches on March 1 and addresses 30 vulnerabilities. The second arrives on March 5 and patches an additional 13 vulnerabilities in Kernel, MediaTek, and Qualcomm components.

The first update, dubbed the 2025-03-01 security patch level, addresses 10 critical severity flaws in the Android system, including eight that, if exploited, can lead to remote code execution. The other two can be exploited to elevate privileges and carry out Denial-of-Service (DoS) attacks, respectively.

The actively exploited vulnerabilities are CVE-2024-43093 and CVE-2024-50302, a privilege escalation and a memory leak issue respectively. Google’s security advisory didn’t go into much detail about how the vulnerabilities have been exploited, but it did say there are indications the bugs “may be under limited, targeted exploitation.”

Photo: Rafapress / Shutterstock.com

Out of the two, CVE-2024-43093 is being exploited for the second time. Google had previously patched this flaw as part of its November 2024 Android update. A recent Amnesty International report claims that CVE-2024-50302 was exploited as a zero-day by Cellebrite’s forensic data analysis tools, building on its previous December 2024 report claiming that the Serbian police were using Cellebrite tools to spy on journalists and activists. Based on Amnesty’s earlier report, Cellebrite ended up running an investigation of its own and banned Serbia for misusing its equipment.

Android for mobile wasn’t the only operating system patched by Google in its latest round of updates either. Android Wear also received a security update fixing two bugs. Google informs Android partners of any relevant vulnerabilities at least a month before publishing advisories. Hence, the second part of the update, dubbed the 2025-03-05 security patch level, receives patches for two MediaTek components, five Qualcomm components, and three Qualcomm closed-source components.


Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
