Two Critical Vulnerabilities Found in Android Devices – Update Now to Protect Your Device!

Google has issued an urgent security warning about two critical Android vulnerabilities identified as CVE-2024-43093 and CVE-2024-50302. These vulnerabilities are actively exploited in attacks targeting devices running Android versions 12 to 15. They allow attackers to bypass the lock screen, escalate privileges, and execute remote code.

Although these vulnerabilities have been patched in the March 2025 Android Security Bulletin (security patch level 2025-03-05), over one billion Android devices remain at risk.

Two Critical Android Vulnerabilities

CVE-2024-43093: Privilege Escalation in System Component

This vulnerability has a CVSS score of 7.8 and allows malicious apps to bypass Android’s sandbox protection.

Attackers exploit weak permission checks in the system component to gain access to restricted directories such as Android/data and Android/sandbox, allowing them to control sensitive operations.

Although it was patched in November 2024, delays in OEM updates mean that many devices are still vulnerable.

CVE-2024-50302: Memory Leak in Linux Kernel (HID Core)

This critical vulnerability involves a memory leak in the Human Interface Device (HID) subsystem of the Linux kernel.

Attackers can send crafted USB HID reports to read uninitialized kernel memory, which may expose encryption keys or authentication tokens.

In December 2024, Serbian authorities reportedly used this vulnerability to unlock a student activist’s device.
The Cellebrite Turbo Link device emulated malicious HID touchpads, triggering a memory leak and extracting lock screen data.

Although the vulnerability was fixed in Linux kernel versions 6.1.119+, delays in Android kernel updates mean that millions of devices remain vulnerable until the March 2025 update is applied.

Attack Chain

Hackers combine these three vulnerabilities to bypass Android’s security mechanisms:

✅ CVE-2024-53104 – Out-of-bounds write in UVC driver (patched in February 2025).
✅ CVE-2024-53197 – Heap overflow in USB audio drivers (patched in Linux, awaiting Android integration).
✅ CVE-2024-50302 – HID memory leak, allowing data theft.

Log analysis shows that attackers connect emulated USB devices (webcams, sound cards, HID touchpads) in rapid sequence to trigger each vulnerability.

Recommendations

🔹 Update Your Devices Immediately:
Go to Settings > System > Advanced > System Update and install the latest security updates.

🔹 Enable Google Play Protect:
This feature scans apps in real-time for threats.

🔹 Monitor OEM Updates:
Updates from Samsung, Xiaomi, and other manufacturers may be delayed.

🔹 Check Your Device’s Update Status:
If your last update date is before 2025-03-05, your device remains vulnerable.

🔹 Be Cautious with USB Devices:
Avoid connecting unknown USB devices without verifying their trustworthiness.

Conclusion

The CVE-2024-43093 and CVE-2024-50302 vulnerabilities highlight security gaps within the Android ecosystem. Due to OEM update delays and carrier approval processes, millions of devices remain vulnerable. Attackers can exploit these weaknesses to take control of devices and steal sensitive data.

🔹 Cybersecurity requires constant vigilance.
Updating Android, enabling Google Play Protect, and monitoring OEM updates can help protect your information.

💡 Device security is only as strong as its latest update!