AI description
CVE-2024-43093 is a privilege escalation vulnerability in the Android Framework component. This flaw allows unauthorized access to directories like "Android/data," "Android/obb," and "Android/sandbox," along with their subdirectories, by bypassing a file path filter. It requires user interaction for exploitation. This vulnerability was addressed in the March 2025 Android security update and has been reported to be under limited, targeted exploitation. It was also previously patched in November 2024. It impacts the Documents UI component and involves mishandling permissions during inter-process communication. This inadequate validation of IPC messages can allow malicious apps to gain elevated privileges, exceeding the permissions granted by the operating system's sandboxing mechanisms.
- Description
- In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- Source
- security@android.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Android Framework Privilege Escalation Vulnerability
- Exploit added on
- Nov 7, 2024
- Exploit action due
- Nov 28, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
Actively exploited CVE : CVE-2024-43093
@transilienceai
28 Mar 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 𝐁𝐫𝐢𝐞𝐟 𝐒𝐮𝐦𝐦𝐚𝐫𝐲 𝐨𝐟 𝐭𝐡𝐞 𝐍𝐞𝐰𝐬: Google's March 2025 security update addresses 43 vulnerabilities affecting Android devices, including two actively exploited flaws: CVE-2024-43093 A privilege escalation vulnerability in the Android framework with a CVSS score…
@ThreatSynop
18 Mar 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-43093
@transilienceai
15 Mar 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ Google’s March 2025 Android Security Bulletin warns of 44 vulnerabilities, including two actively exploited flaws: CVE-2024-43093 and CVE-2024-50302, with one tied to a zero-day attack on activists. https://t.co/f6Qk0mecs4
@achi_tech
13 Mar 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-43093
@transilienceai
10 Mar 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-43093
@transilienceai
9 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google's March 2025 Android update fixes 44 vulnerabilities, including two actively exploited ones (CVE-2024-43093 & CVE-2024-50302).
@ladywithsarcasm
8 Mar 2025
244 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-43093
@transilienceai
8 Mar 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-43093
@transilienceai
7 Mar 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
گوگل از کاربران گوشی های اندرویدی خواسته تا سریعا گوشی خود را به روز رسانی نمایند. به تازگی ۲ آسیب پذیری خطرناک با کدهای شناسایی CVE-2024-43093 و CVE-2024-50302 که از نوع RCE و Privilege escalation هستند ، برای سیستم عامل اندروید منتشر شده اند. https://t.co/Poz3aKYxT1 https://t.c
@AmirHossein_sec
5 Mar 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-43093
@transilienceai
5 Mar 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
گوگل از کاربران گوشی های اندرویدی خواسته تا سریعا گوشی خود را به روز رسانی نمایند. به تازگی ۲ آسیب پذیری خطرناک با کدهای شناسایی CVE-2024-43093 و CVE-2024-50302 که از نوع RCE و Privilege escalation هستند ، برای سیستم عامل اندروید منتشر شده اند. https://t.co/pD1G3izlBE
@cybernetic_cy
5 Mar 2025
46 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 Android Update 2025 🔒 Google’s update fixes 43 vulnerabilities, including 2 actively exploited flaws. Key fixes: privilege escalation (CVE-2024-43093) & issues in Android, Qualcomm, & MediaTek. 🛡️ Update now! 👉 https://t.co/UnQaazAqiG #Android #CyberProtection #Upda
@3bData
5 Mar 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Google Warns of Two Critical Android Vulnerabilities Under Attack Read more: https://t.co/sXIO4T95uV 👉 CVE-2024-43093: System Component Privilege Escalation 👉 CVE-2024-50302: Linux Kernel HID Core Memory Leak #cybersecurity
@gbhackers_news
5 Mar 2025
130 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Google Warns of Two Critical Android Vulnerabilities Under Attack Read more: https://t.co/AUMWuL6Kou 👉 CVE-2024-43093: System Component Privilege Escalation 👉 CVE-2024-50302: Linux Kernel HID Core Memory Leak #cybersecurity https://t.co/eKAIgICk8a
@The_Cyber_News
5 Mar 2025
66 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Androidの重大な脆弱性が標的型攻撃などへ悪用の可能性(CVE-2024-43093,CVE-2024-50302) #セキュリティ対策Lab #セキュリティ #Security https://t.co/bpagFOSj6D
@securityLab_jp
5 Mar 2025
32 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google Patches 2 Actively Exploited Android Flaws! March 2025 update fixes 44 vulnerabilities, including: 🔹 CVE-2024-43093 – Unauthorized access to Android directories. 🔹 CVE-2024-50302 – Linux kernel flaw exploited via Cellebrite zero-day. 📲 Update ASAP!… https://t.co/oGAS7
@dCypherIO
4 Mar 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google has patched over 40 Android vulnerabilities, including 2 actively exploited ones (CVE-2024-43093 & CVE-2024-50302) that could lead to serious security risks. Stay updated! 🔒 #AndroidSecurity #TechUpdate #USA link: https://t.co/kceXxYwudv https://t.co/ksTP0FlozJ
@TweetThreatNews
4 Mar 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google’s March 2025 Android update patches 2 exploited flaws—CVE-2024-43093 and CVE-2024-50302. Privilege escalation risks are real. Updated your phone yet? What’s your go-to security habit? #AndroidSecurity
@CyberDhaal
4 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google corregge vulnerabilità critiche con l’aggiornamento Android di marzo 2025 Sicurezza Informatica, aggiornamento, Android, CVE-2024-43093, CVE-2024-50302, exploit, Google Play Protect, patch sicurezza, vulnerabilità https://t.co/OoOniC56La https://t.co/CViaAi0Iqu
@matricedigitale
4 Mar 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 The March 2025 Android Security Bulletin addresses 44 vulnerabilities, including 2 exploited flaws, CVE-2024-43093 and CVE-2024-50302. Ensure the latest patches are implemented! #AndroidUpdate #Vulnerabilities #USA link: https://t.co/QrZPBttlbY https://t.co/pQjGyvZX9L
@TweetThreatNews
4 Mar 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 أصدرت Google تحديث الأمان لشهر مارس 2025 لنظام Android، مستهدفة 44 ثغرة أمنية، منها اثنتان تعرضتا للاستغلال النشط. من بين هذه الثغرات، CVE-2024-43093، الذي يسمح بالتصعيد في الامتيازات والوصول غير المصرح به إلى بيانات النظام. #الامن_السيبراني https://t.co/JATyzavK2d
@Cybercachear
4 Mar 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Google’s March 2025 Android Security Bulletin warns of 44 vulnerabilities, including two actively exploited flaws: CVE-2024-43093 and CVE-2024-50302, with one tied to a zero-day attack on activists. Get the full details: https://t.co/y4xfmE3CQR
@TheHackersNews
4 Mar 2025
33569 Impressions
61 Retweets
121 Likes
22 Bookmarks
1 Reply
0 Quotes
Android Security Bulletin - March 2025 https://t.co/Nd0zWgrI6s Wow.... 10 crit vulns(https://t.co/Xy9WeQK3J8) CVE-2024-43093 & CVE-2024-50302 exploited ITW
@xvonfers
3 Mar 2025
4591 Impressions
8 Retweets
41 Likes
20 Bookmarks
1 Reply
1 Quote
on a scale fom 1-10 , @Google, how bad is CVE-2024-43093 if the last update you gave me is from March, and the vulnerability is fixed in November? https://t.co/KkzMLnPLqJ https://t.co/ztmIFHFouz
@xxxDEV1xxx
24 Jan 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google warns of active exploitation of CVE-2024-43093 in Android. This #vulnerability allows unauthorized access to critical directories, emphasizing the need for timely updates and patching processes. Source : https://t.co/HyogMznuCL
@3xxx_301
21 Jan 2025
92 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Google warns of active exploitation of CVE-2024-43093 in Android. This #vulnerability allows unauthorized access to critical directories, emphasizing the need for timely updates and patching https://t.co/0miExnsQab https://t.co/Utcmvz9Xh3
@johnwalshiii
20 Jan 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Warns of Active Exploitation of CVE-2024-43093 in Android ! To learn more, read on: https://t.co/nA4H1edrzj https://t.co/nRROcfdU2i #security #pentesting #cybersecurity #website #appsecurity https://t.co/sz4z2h333z
@norsyx
19 Dec 2024
204 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google warns of active exploitation of CVE-2024-43093 in Android. This #vulnerability allows unauthorized access to critical directories, emphasizing the need for timely updates and patching https://t.co/0miExnsQab https://t.co/DZQlYzKEHP
@johnwalshiii
11 Dec 2024
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 Apache ExternalStorage File Path Filter Bypass (Local Privilege Escalation) - #CVE-2024-43093 (Critical) - Critical https://t.co/cwuypcfZdj
@dailycve
28 Nov 2024
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-43093
@transilienceai
23 Nov 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-43093
@transilienceai
20 Nov 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-43093
@transilienceai
19 Nov 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-43093
@transilienceai
18 Nov 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-43093
@transilienceai
17 Nov 2024
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Advisory on Vulnerability CVE-2024-43093 Exploited in Android Operating System. @NITDANigeria https://t.co/h3EraPnKzS
@theoloriherself
16 Nov 2024
133 Impressions
3 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Advisory on Vulnerability CVE-2024-43093 Exploited in Android Operating System. by @NITDANigeria https://t.co/4kYl0bwAyb
@Adeolaoluw71104
16 Nov 2024
56 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Android users, update phone now! CVE-2024-43093 is being exploited. Protect your device from unauthorized access. https://t.co/ELjbF630Fk
@Ahmed___khaan
15 Nov 2024
477 Impressions
3 Retweets
11 Likes
1 Bookmark
0 Replies
0 Quotes
Android users, update now! CVE-2024-43093 is being exploited. Protect your device from unauthorized access. https://t.co/6PE0IMaCPZ
@__yellows
15 Nov 2024
908 Impressions
7 Retweets
11 Likes
0 Bookmarks
0 Replies
0 Quotes
Advisory on Vulnerability CVE-2024-43093 Exploited in Android Operating System. - Overview. - Impact. - Prevention. Via - @NITDANigeria. https://t.co/kXniDr2ass
@Nawas_masood
15 Nov 2024
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Advisory on Vulnerability CVE-2024-43093 Exploited in Android Operating System. - Overview. - Impact. - Prevention. Via - @NITDANigeria. https://t.co/DeEFeX5Ie3
@zaMusbeyNe_
15 Nov 2024
433 Impressions
13 Retweets
13 Likes
0 Bookmarks
0 Replies
0 Quotes
Important Message From @NITDANigeria : Advisory on Vulnerability CVE-2024-43093 Exploited in Android Operating System. https://t.co/diXdwgJtUE
@Journalist_Mind
15 Nov 2024
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Advisory on Vulnerability CVE-2024-43093 Exploited in Android Operating System. https://t.co/9jvcWUR6kL
@_chiefagbabiaka
15 Nov 2024
1312 Impressions
10 Retweets
8 Likes
0 Bookmarks
1 Reply
0 Quotes
Advisory on Vulnerability CVE-2024-43093 Exploited in Android Operating System. https://t.co/fgFuIXVOUm
@NITDANigeria
15 Nov 2024
4485 Impressions
51 Retweets
70 Likes
3 Bookmarks
1 Reply
3 Quotes
🚨 #Android Vulnerability Alert: #CVE-2024-43093 Allows Privilege Escalation (Undercode Analysis) https://t.co/QfqRWTzXmJ
@UndercodeNews
15 Nov 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-43093 In shouldHideDocument of https://t.co/r3tn21m5se, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to in… https://t.co/TAOCmEWUBr
@CVEnew
13 Nov 2024
314 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥Your daily #security news! Google Warns of Actively Exploited Android Vulnerability! Google has warned that a privilege escalation flaw in the Android Framework component (CVE-2024-43093) is being actively exploited in the wild. The vulnerability could result in unauthorized…
@GuardingPearSof
11 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Latest Cyber Security News from Cyber Security Park. Google warns of actively exploited CVE-2024-43093 vulnerability in Android system, https://t.co/i5SFARbQMu
@cybersecpark
11 Nov 2024
39 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
3/10🔓Exploit in Android Framework! 🚨 CVE-2024-43093 is actively being exploited in targeted attacks. Protect yourself by staying up to date with the latest security patches. High-value individuals and organizations are particularly at risk!💥#CyberAttack #AndroidExploit
@Eth1calHackrZ
10 Nov 2024
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2/10 💥 CVE-2024-43093: A Threat to Your Privacy⚠️This Android vulnerability targets critical directories like "Android/data" & "Android/obb". Attackers could steal personal data, install malware, or hijack your device. Stay protected — update your OS immediately!🚫#AndroidFl
@Eth1calHackrZ
10 Nov 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
},
{
"criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E"
}
],
"operator": "OR"
}
]
}
]