Google Warns of Critical Vulnerabilities in Android

Publication date: 2025-03-05
NEWS

Google has recently issued a warning about Android vulnerabilities that have been actively exploited by attackers before security updates were made available. While patches have now been released, some devices remain unprotected. Additionally, several critical security flaws have been identified that enable remote code execution, posing a serious risk to users.

Actively Exploited Vulnerabilities

One of the vulnerabilities that has been exploited in the wild is CVE-2024-50302. Exploiting this vulnerability allows a locked Android device to be unlocked without the user's consent. According to Amnesty International, the forensic software company Cellebrite has used this vulnerability for data extraction.

The second actively exploited vulnerability, CVE-2024-43093, is located in the Android Framework and allows attackers to gain access to sensitive directories without proper permissions. This issue was already patched in Android 15 QPR1 and has now been backported to earlier versions.

Both vulnerabilities require an attacker to have prior access to the device, which lowers their impact compared to other critical vulnerabilities. However, they still present a serious security risk.

Critical Vulnerabilities

In addition to the above-mentioned exploits, eight critical security flaws have been discovered that allow remote code execution. This means an attacker can execute malicious code on a device remotely, without requiring additional permissions. Furthermore, there are severe vulnerabilities that allow attackers to escalate privileges (CVE-2025-22409) or execute denial-of-service attacks (CVE-2025-0081).

Google has not disclosed details on how these vulnerabilities can be exploited, but the release of patches underscores the severity of the situation.

How to Check If Your Android Device Is Vulnerable

Users can check whether their device is updated and protected against these vulnerabilities by following these steps:

Check Your Security Patch Level:

        Open Settings > About Phone > Android Version.
        Look under Security Update.
        If the date is 2025-03-01 or 2025-03-05, your device is patched.

Verify Kernel Vulnerabilities:

Open a terminal app (such as Termux) and run the following command to display the running kernel version:

        uname -r

Compare the kernel version with the updated versions listed in the March 2025 Android Security Bulletin.

Check for Android Framework Vulnerabilities:

Run the following ADB command on a computer with ADB tools installed:

        adb shell getprop ro.build.version.security_patch

This will display the patch date (the same value shown under Security Update in Settings). Ensure it matches 2025-03-01 or 2025-03-05.
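The ADB check above can be scripted. The following POSIX shell script is an added example, not code from the article or from Google: it reads the patch level with the getprop command given above and compares it against the two March 2025 levels. It goes slightly beyond the text by also accepting any later patch level as patched, since later monthly levels include the earlier fixes; it assumes adb is on PATH and a single device is attached when check_device is run.

```shell
#!/bin/sh
# Added example, not from the original article: automate the ADB patch-level
# check. Assumes adb is on PATH and exactly one device is attached.

FRAMEWORK_LEVEL="2025-03-01"   # level covering the Android Framework/AOSP fixes
FULL_LEVEL="2025-03-05"        # level additionally covering kernel/vendor fixes

# patch_level_ok LEVEL [REQUIRED]
# Succeeds when LEVEL (YYYY-MM-DD) is REQUIRED or later; later bulletins
# include earlier fixes, so a newer date also counts as patched.
# Returns 2 on a malformed value so it can never be mistaken for "patched".
patch_level_ok() {
    level=$1
    required=${2:-$FULL_LEVEL}
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unrecognised patch level: '$level'" >&2; return 2 ;;
    esac
    # ISO dates compare correctly as integers once the hyphens are removed.
    [ "$(printf '%s' "$level" | tr -d '-')" -ge "$(printf '%s' "$required" | tr -d '-')" ]
}

# classify_level LEVEL -> prints FULL, FRAMEWORK or VULNERABLE
classify_level() {
    # Below the 01 level (or malformed): none of the March fixes are present.
    patch_level_ok "$1" "$FRAMEWORK_LEVEL" || { echo VULNERABLE; return 0; }
    if patch_level_ok "$1" "$FULL_LEVEL"; then
        echo FULL
    else
        echo FRAMEWORK
    fi
}

# check_device: read the level from the attached device (the command the
# article gives) and report it. Exit status 1 unless the full level is met.
check_device() {
    level=$(adb shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r\n')
    if [ -z "$level" ]; then
        echo "could not read ro.build.version.security_patch (is a device attached?)" >&2
        return 1
    fi
    status=$(classify_level "$level")
    echo "security patch level $level: $status"
    [ "$status" = FULL ]
}
```

Source the file and call check_device with a device attached, or pass a known level to classify_level to test the comparison offline.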

Available Updates and Patch Policy

Google has released updates for Android 12, 12L, 13, 14, and 15. Device manufacturers have been aware of these vulnerabilities for at least a month and have had time to develop updates. However, this does not guarantee that all devices will receive the updates, as some are no longer supported.

Users with older devices that no longer receive updates may consider strengthening their security by switching to alternative operating systems such as GrapheneOS or LineageOS, if their device is compatible.

Conclusion

The recent Android vulnerabilities highlight the importance of staying up to date with security updates. Users are advised to check their patch level and install updates manually if necessary. For older devices that no longer receive updates, limiting the installation of apps from untrusted sources and using security software can help mitigate risks.

It is crucial to take security updates seriously and take action to ensure that your devices remain protected against these and future threats.

Sources

This article is based on information from Google's official Android Security Bulletin, Amnesty International’s Security Lab, and reports from GrapheneOS. Additional details were gathered from security advisories and industry reports regarding actively exploited vulnerabilities.