The Multi-State Information Sharing and Analysis Center has issued another advisory relating to vulnerabilities in Google Android OS that could allow for remote code execution with no additional privileges needed. This includes phones, smart watches, tablets and other devices.
Threat Intelligence:
Google indicates limited, targeted exploitation of CVE-2024-43093 and CVE-2024-50302.
Systems Affected: Android OS patch levels prior to 2025-03-05
Government Risk:
– Large and medium government entities: High
– Small government entities: High
Recommendations:
Apply appropriate mitigations provided by Google to vulnerable systems immediately after appropriate testing.
Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.
Restrict execution of code to a virtual environment on or in transit to an endpoint system.
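To find devices still below the affected-systems threshold above, the following added example (not part of the original advisory) classifies reported security patch levels against 2025-03-05. The inventory format, device names and function names are assumptions constructed for illustration; on a live device the level is read from the `ro.build.version.security_patch` property.

```shell
#!/bin/sh
# Threshold from the advisory: patch levels prior to this date are affected.
REQUIRED_PATCH="2025-03-05"

# Classify one patch-level string: prints patched, vulnerable, or unknown.
patch_status() {
    # adb output can carry a trailing carriage return; strip it first.
    level=$(printf '%s' "$1" | tr -d '\r')
    # Accept only YYYY-MM-DD; empty or malformed values are "unknown",
    # never silently treated as patched.
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    # With the dashes removed, ISO dates compare correctly as integers.
    have=$(echo "$level" | tr -d '-')
    need=$(echo "$REQUIRED_PATCH" | tr -d '-')
    if [ "$have" -ge "$need" ]; then echo patched; else echo vulnerable; fi
}

# Read "device_id,patch_level" lines on stdin and print every device that is
# not confirmed patched. Unknown values are listed too: they need follow-up.
audit_inventory() {
    while IFS=, read -r device level; do
        [ -n "$device" ] || continue
        status=$(patch_status "$level")
        [ "$status" = patched ] || echo "$device $status"
    done
}

# Constructed sample inventory (hypothetical devices, assumed CSV export).
sample_inventory() {
    cat <<'EOF'
pixel-tablet-01,2025-03-05
field-phone-17,2025-02-01
watch-004,2025-03-01
kiosk-22,
legacy-phone-3,2024-11-05
EOF
}

# For a connected device, the level comes from:
#   adb shell getprop ro.build.version.security_patch
sample_inventory | audit_inventory
```

A device reporting 2025-03-01 is still flagged, because the advisory's threshold is the 2025-03-05 patch level.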
Reference Android: https://source.android.com/docs/security/bulletin/2025-03-01
Originally published in NJCCIC Advisory, March 12, 2025.