Like clockwork, Google has just published the Android security bulletin for March 2025. The company explains that it has discovered 43 vulnerabilities in the code of its smartphone operating system. Among the flaws discovered, 11 are rated high severity and 10 critical. As always, Google classifies each flaw by degree of risk, using three levels: moderate, high, and critical.
A flaw that allows data to be stolen
Above all, Google highlights two flaws that may "be subject to limited and targeted exploitation". In other words, attackers are currently using these two flaws against very specific targets. These are not large-scale cyberattacks but discreet operations with narrowly defined objectives.
The first flaw was flagged by the United States' Cybersecurity and Infrastructure Security Agency (CISA) as early as November 2024. It allows an attacker to escalate their privileges without requiring additional authorization. Ultimately, the flaw makes it possible to steal sensitive data or compromise the entire system, in particular by implanting malware.
Exploiting the vulnerability requires user interaction: if the user does not fall into the trap, the attacker cannot succeed. It affects devices running Android, in particular versions 11 to 14.
A vulnerability exploited by the Serbian police
The second flaw concerns the Linux kernel, specifically its HID (Human Interface Device) component, which manages interaction with the user. By exploiting the flaw, an attacker can read sensitive areas of kernel memory, which could compromise the system's performance. To exploit it, the attacker must already have local access and limited privileges on the system. Used as part of an attack chain, it allows malware to be slipped onto the target's smartphone.
The vulnerability was used by Serbian police to monitor journalists or activists. The police took advantage of a visit to the police station or an interrogation to slip a spyware called NoviSpy onto the targets' phones.
This month, Google deployed two security updates. In addition to the standard monthly patch, additional patches were released to fix vulnerabilities in some third-party components as well as in the Android kernel. This approach offers more flexibility to Android smartphone manufacturers.
Google has just integrated the patch code into the Android Open Source Project (AOSP), allowing device manufacturers to incorporate these updates into their custom interfaces. How quickly the patches reach users now depends on the responsiveness of each manufacturer. To check whether the patch is already available on your smartphone, go to the Settings menu, then to About device, and then to Software update. If an update is available, simply tap Start update.
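For an administrator checking more than one handset, the same verification can be scripted over adb. This is an added example, not code from the article or from Google: it reads the device's reported security patch level and compares it with the level that carries the March fixes. The 2025-03-05 level is an assumption based on the bulletin's usual numbering (a base YYYY-MM-01 level plus a YYYY-MM-05 level for the kernel and third-party patches the article mentions).

```shell
#!/bin/sh
# Compare an Android device's security patch level (the YYYY-MM-DD string in
# ro.build.version.security_patch) with the level carrying this bulletin's fixes.
# REQUIRED_LEVEL is an assumption: Android bulletins usually publish a
# YYYY-MM-01 base level and a YYYY-MM-05 level with the extra kernel and
# third-party patches, so 2025-03-05 is taken as "fully patched for March 2025".
REQUIRED_LEVEL="${REQUIRED_LEVEL:-2025-03-05}"

# to_number YYYY-MM-DD -> prints YYYYMMDD, or nothing if the string is malformed.
to_number() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
            printf '%s' "$1" | sed 's/-//g' ;;
        *) ;;
    esac
}

# is_patched LEVEL REQUIRED
# exit 0 if LEVEL is at or beyond REQUIRED, 1 if it is older, 2 if LEVEL is
# not a well-formed patch-level string (e.g. custom ROMs reporting "unknown").
is_patched() {
    lvl=$(to_number "$1")
    req=$(to_number "$2")
    [ -n "$lvl" ] && [ -n "$req" ] || return 2
    [ "$lvl" -ge "$req" ]
}

# check_device: reads the patch level from the connected device over adb and
# reports whether the March 2025 fixes are present. Needs adb and USB debugging;
# only run when the script is invoked with --device.
check_device() {
    level=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    rc=0
    is_patched "$level" "$REQUIRED_LEVEL" || rc=$?
    case $rc in
        0) echo "patch level $level: March 2025 fixes present" ;;
        1) echo "patch level $level: older than $REQUIRED_LEVEL, update pending" ;;
        *) echo "patch level '$level' not recognised; check the device manually" ;;
    esac
}

if [ "${1:-}" = "--device" ]; then
    check_device
fi
```

Run it as `sh check_patch.sh --device` with one device attached; without `--device` it only defines the functions.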
Source: Android