Full Report
Google has released patches for 43 vulnerabilities in Android's March 2025 security update, including two zero-days. Serbian authorities have used one of the zero-days to unlock confiscated devices. [...]
Analysis Summary
This summary is based on the provided article snippet, focusing on the Android zero-day vulnerabilities fixed by Google.
# Vulnerability: Android Privilege Escalation Zero-Day Exploited by Serbian Authorities
## CVE Details
- CVE ID: CVE-2024-43093 (the second of the two zero-days fixed this month)
- CVSS Score: Not explicitly stated in provided text.
- CWE: Specific CWE not detailed, but relates to insecure handling of file paths due to improper Unicode normalization.
## Affected Systems
- Products: Android Operating System
- Versions: Specific vulnerable versions are not detailed, but fixes are included in the March 2025 security updates.
- Configurations: Local attackers exploiting the flaw.
## Vulnerability Description
CVE-2024-43093 is an Android Framework privilege escalation vulnerability. It allows local attackers to gain access to sensitive directories because incorrect Unicode normalization lets a path bypass a file path filter. Crucially, exploitation requires no additional execution privileges and no user interaction beyond the local context. The vulnerability was discovered through monitoring logs on a device accessed by Serbian authorities.
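The bug class described above (a path filter that runs on a different Unicode form than the one later used to resolve the name) can be shown with a weak check beside a corrected one. This is an added example, not Android Framework code: the directory name `restricted`, the `/shared` root, the choice of NFKC, and all function names are assumptions made for illustration.

```python
import unicodedata
from pathlib import PurePosixPath

# Constructed policy: a directory name callers must never reach (hypothetical).
PROTECTED = {"restricted"}

def canonical(component: str) -> str:
    """Form the hypothetical storage layer uses when it resolves a name."""
    return unicodedata.normalize("NFKC", component)

def filter_raw(path: str) -> bool:
    """Weak check: compares raw components, before normalization happens."""
    return not any(p in PROTECTED for p in PurePosixPath(path).parts)

def filter_canonical(path: str) -> bool:
    """Corrected check: normalize first, then compare and reject traversal."""
    parts = [canonical(p) for p in PurePosixPath(path).parts]
    if ".." in parts:
        return False
    return not any(p in PROTECTED for p in parts)

def changed_by_normalization(path: str) -> bool:
    """Audit signal: the requested path is not already in canonical form."""
    return canonical(path) != path

def audit(paths):
    """Paths the weak filter allows but the corrected filter denies."""
    return [p for p in paths if filter_raw(p) and not filter_canonical(p)]

# Constructed sample requests (not taken from any real device log).
SAMPLE_PATHS = [
    "/shared/docs/report.txt",          # benign
    "/shared/restricted/keys.db",       # blocked by both filters
    "/shared/\uff52estricted/keys.db",  # fullwidth 'r' folds to ASCII 'r'
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(ascii(p), "raw:", filter_raw(p), "canonical:", filter_canonical(p),
              "non-canonical input:", changed_by_normalization(p))
    print("filter disagreements:", [ascii(p) for p in audit(SAMPLE_PATHS)])
```

The same `changed_by_normalization` check can be run over logged file-access paths to surface requests that only match a sensitive directory after normalization.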
## Exploitation
- Status: Exploited in the wild (Linked to activities by Serbian authorities).
- Complexity: Low (Implied by the fact that a local attacker could exploit it without requiring user interaction or extra privileges).
- Attack Vector: Local.
## Impact
- Confidentiality: High (Potential access to sensitive directories).
- Integrity: High (Implied by unauthorized access to system locations).
- Availability: Not explicitly detailed, but unauthorized directory access could impact system stability.
## Remediation
### Patches
- Google shared fixes with OEM partners on January 18th.
- Fixes were included in the March 2025 Android Security Patch Levels:
  - **2025-03-01** Security Patch Level
  - **2025-03-05** Security Patch Level (Includes fixes from the first batch plus kernel/third-party updates)
### Workarounds
- No specific workarounds were detailed in the provided text, as the patch was made available promptly after detection.
## Detection
- Indicators of compromise (IOCs) are related to logs found on compromised devices analyzed by security researchers in collaboration with Serbian authorities. Due to the nature of this vulnerability (local privilege escalation), robust system monitoring for unauthorized file access attempts might be relevant.
## References
- Vendor Advisory (Android Security Bulletin): bxxps://source.android.com/docs/security/bulletin/2025-03-01#2025-03-01-security-patch-level-vulnerability-details
- Vendor Advisory (Android Security Bulletin): bxxps://source.android.com/docs/security/bulletin/2025-03-01#2025-03-05-security-patch-level-vulnerability-details
- NIST NVD Entry (for CVE-2024-43093): bxxps://nvd.nist.gov/vuln/detail/CVE-2024-43093
- General News Source: bxxps://www.bleepingcomputer.com/news/security/google-fixes-android-zero-days-exploited-in-targeted-attacks/