CVERadar

CVE-2024-43093

Severity: Critical
Vendor: Google
SVRS: 75/100
CVSSv3: 7.8/10
EPSS: 0.00016/1

CVE-2024-43093 allows local privilege escalation due to incorrect Unicode normalization in ExternalStorageProvider.java. The vulnerability could allow unauthorized access to sensitive directories and requires user interaction for exploitation.

CVE-2024-43093 is a local escalation of privilege vulnerability in ExternalStorageProvider.java. It stems from a flaw in the provider's file path filter, specifically the shouldHideDocument function: incorrect Unicode normalization lets a path bypass the check meant to prevent access to sensitive areas. Exploitation requires user interaction, but success could lead to unauthorized access. Because the flaw is associated with active exploits and is listed in the CISA KEV catalog, prompt attention is advised, even though the SVRS score is 75. Addressing it matters most in environments where user interaction can be engineered.

In The Wild
Exploit Available
CISA KEV
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2024-11-13

2024-11-14

SOCRadar AI Insight

Description

CVE-2024-43093 describes a vulnerability in the ExternalStorageProvider.java file that allows potential bypass of a file path filter. This vulnerability is caused by incorrect Unicode normalization, which can lead to local escalation of privilege. User interaction is required for exploitation.

The SVRS for this vulnerability is 36, which is below the critical threshold of 80. However, despite the lower SVRS, the vulnerability is considered high-risk due to its presence "In The Wild", the availability of active exploits, and the involvement of a known threat actor group, Lazarus Group.

Key Insights

  • Exploitation Requires User Interaction: This vulnerability requires user interaction for successful exploitation, meaning that it might not be exploited remotely. However, attackers can use social engineering techniques to trick users into clicking malicious links or downloading compromised files.
  • Local Escalation of Privilege: Successful exploitation of this vulnerability allows attackers to escalate their privileges within the affected system. This can give them access to sensitive data, critical system resources, and potentially even allow them to execute arbitrary code.
  • Active Exploits: Active exploits have been published and are being used in the wild by threat actors. This indicates that attackers are actively exploiting this vulnerability, making it a critical threat.
  • Threat Actor Involvement: The Lazarus Group, a known state-sponsored cybercrime group, is actively using this vulnerability. This suggests that sophisticated and well-resourced adversaries are exploiting this flaw, making it a significant concern for organizations.

Mitigation Strategies

  • Patching: The most effective mitigation strategy is to patch the affected software immediately. This will close the vulnerability and prevent attackers from exploiting it.
  • Security Awareness Training: Regular security awareness training for all employees is critical. This training should educate users about social engineering tactics, how to identify malicious links and attachments, and the importance of reporting suspicious activities.
  • Network Segmentation: Implementing strong network segmentation can limit the impact of a successful attack. By segmenting the network into different zones with controlled access, you can prevent attackers from spreading laterally across your system.
  • File Path Filter Validation: Organizations should thoroughly review and validate all file path filters, including how they handle Unicode normalization, to ensure they are secure and cannot be bypassed.
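
A sketch of the file path filter review described in the last item, added here as an illustration; it is not code from Android's ExternalStorageProvider.java or from its fix. The class and method names are hypothetical, the sample paths are constructed, the directory names are the ones quoted in the news summary on this page, and it assumes the storage layer treats NFKC-equivalent, case-insensitive names as the same entry.

```java
import java.text.Normalizer;
import java.util.ArrayDeque;
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;

public class PathFilterCheck {
    // Protected directories, stored in canonical (lower-case) form.
    private static final List<String> HIDDEN =
            List.of("android/data", "android/obb", "android/sandbox");

    // Weak filter: the pattern is applied to the raw, un-normalized string.
    private static final Pattern RAW =
            Pattern.compile("^Android/(data|obb|sandbox)(/.*)?$");

    static boolean rawFilterHides(String relPath) {
        return RAW.matcher(relPath).matches();
    }

    // Canonicalize first: Unicode NFKC, case folding, then "." and ".." resolution.
    // Assumption: this matches the equivalence the storage layer applies to names.
    static String canonical(String relPath) {
        String s = Normalizer.normalize(relPath, Normalizer.Form.NFKC)
                .toLowerCase(Locale.ROOT);
        ArrayDeque<String> parts = new ArrayDeque<>();
        for (String seg : s.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (seg.equals("..")) { parts.pollLast(); continue; }
            parts.addLast(seg);
        }
        return String.join("/", parts);
    }

    // Hardened filter: compare whole path segments of the canonical form.
    static boolean normalizedFilterHides(String relPath) {
        String c = canonical(relPath);
        return HIDDEN.stream().anyMatch(h -> c.equals(h) || c.startsWith(h + "/"));
    }

    public static void main(String[] args) {
        String[] samples = {                 // constructed regression inputs
            "Android/data/com.example.app",  // plain spelling: both filters hide it
            "android/DATA",                  // case variant
            "\uFF21ndroid/data",             // fullwidth 'A' (U+FF21), NFKC-equal to 'A'
            "Download/../Android/obb",       // dot-dot segment
            "Android/database",              // similar prefix, must stay visible
        };
        for (String p : samples) {
            System.out.printf("%-30s raw=%-5b normalized=%b%n",
                    p, rawFilterHides(p), normalizedFilterHides(p));
        }
    }
}
```

Any row where the two columns disagree is a spelling the raw filter does not recognise; keeping such rows as regression tests makes a later filter change fail loudly if it reintroduces the gap.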


Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
exploitsecure/CVE-2024-43093 | https://github.com/exploitsecure/CVE-2024-43093 | 2024-11-05
Android Framework Privilege Escalation Vulnerability | https://www.cisa.gov/search?g=CVE-2024-43093 | 2024-11-07

News

Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities - The Hacker News
2025-03-04
Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exploitation in the wild. The two high-severity vulnerabilities are listed below - CVE-2024-43093 - A privilege escalation flaw in the Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories, and their respective sub-directories. CVE-2024-50302 - A privilege escalation flaw in the HID USB component of the Linux kernel
google.com

CVE-2024-43093 | Google Android 12/13/14/15 ExternalStorageProvider.java shouldHideDocument Local Privilege Escalation
vuldb.com | 2025-05-01
A vulnerability, which was classified as problematic, has been found in Google Android 12/13/14/15. This issue affects the function shouldHideDocument of the file ExternalStorageProvider.java. The manipulation leads to Local Privilege Escalation. The identification of this vulnerability is CVE-2024-43093. An attack has to be approached locally
vuldb.com

Android security update contains 2 actively exploited vulnerabilities - CyberScoop
2025-03-03
Google addressed 43 vulnerabilities affecting Android devices in its March security update, including a pair of software defects reportedly under active exploitation. Google said the two vulnerabilities — CVE-2024-43093 and CVE-2024-50302 — “may be under limited, targeted exploitation.” The most severe of the flaws under active exploitation, CVE-2024-43093, carries a CVSS score of 7.8 and was added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog in November. The Android framework privilege escalation vulnerability allows attackers to gain local escalation of privilege
google.com

10th March – Threat Intelligence Report
hagarb | 2025-05-01
For the latest discoveries in cyber research for the week of 10th March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The City of Mission, Texas, has declared a local state of emergency following a severe cybersecurity incident that threatens to expose protected personal information, health records, and other critical data managed by […] The post 10th March – Threat Intelligence Report appeared first on Check Point Research
checkpoint.com

Google fixed two actively exploited Android zero-days
Pierluigi Paganini | 2025-04-08
Google addressed 62 vulnerabilities with the release of Android's April 2025 security update, including two actively exploited zero-days. Google released Android's April 2025 security updates to address 62 vulnerabilities, including two zero-day vulnerabilities (CVE-2024-53197, CVE-2024-53150) exploited in targeted attacks. The vulnerability CVE-2024-53197 is a Linux kernel issue affecting ALSA USB audio. Malicious devices […] Google
securityaffairs.co

🚨 Patch Tuesday Alert: March 2025
Mike (Action1) | 2025-03-11
Microsoft has fixed 57 vulnerabilities, including six zero-days, six critical and one more vulnerability has a publicly available proof of concept. Third-party: web browsers, Android, VMware, Cisco, Paragon Partition Manager, Parallels Desktop, MongoDB, Ivanti, Citrix, Microsoft Bing & Power Pages, Juniper Networks, OpenSSH, Fortinet, and Progress Software LoadMaster. Navigate to Vulnerability Digest from Action1 for comprehensive summary updated in real-time: Patch Tuesday March 2025
spiceworks.com

10th March – Threat Intelligence Report - Check Point Research
2025-03-10
For the latest discoveries in cyber research for the week of 10th March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The City of Mission, Texas, has declared a local state of emergency following a severe cybersecurity incident that threatens to expose protected personal information, health records, and other critical data managed by city departments. The emergency declaration was issued by Mayor Norie Gonzalez Garza on March 4, 2025, after the cyber-attack was identified on February 28, 2025. City officials are concerned that sensitive government data could
google.com

Social Media

#Android #Vulnerability Android Alert: Critical Flaws CVE-2024-43093 & CVE-2024-50302 Exploited, Update Now! https://t.co/mngHSjWTjZ

🚨 Brief Summary of the News: Google's March 2025 security update addresses 43 vulnerabilities affecting Android devices, including two actively exploited flaws: CVE-2024-43093 A privilege escalation vulnerability in the Android framework with a CVSS score

@JonMajerowski "March 2025 Android Security Bulletin, which reported 44 vulnerabilities, including two under active exploitation, CVE-2024-43093 and CVE-2024-50302. The post's emphasis on updating Windows, Android, and iOS devices reflects a broader concern about mobile security threats, with

Actively exploited CVE : CVE-2024-43093

Google's March 2025 Android update fixes 44 vulnerabilities, including two actively exploited ones (CVE-2024-43093 & CVE-2024-50302).

[Information Security Buzz] Google Issues Urgent Alert for Exploited Android Vulnerabilities. Google has issued an urgent security alert addressing two critical Android vulnerabilities, CVE-2024-43093 and CVE-2024-50302, which are actively being... https://t.co/Eu3LXCRT2o

⚠️ Google’s March 2025 Android Security Bulletin warns of 44 vulnerabilities, including two actively exploited flaws: CVE-2024-43093 and CVE-2024-50302, with one tied to a zero-day attack on activists. Get the full details: https://t.co/sTPgXoRZ8Q

🚨 Google warns of actively exploited Android vulnerabilities 🚨 Critical security flaws, including CVE-2024-50302 and CVE-2024-43093, allow privilege escalation and remote code execution. 🔍📱 🔗 Read our article: https://t.co/KRm5UxPCpn #CyberSecurity #Android #Infosec #Google https://t.co/PnEeUDqDqX

🔒 Android Update 2025 🔒 Google’s update fixes 43 vulnerabilities, including 2 actively exploited flaws. Key fixes: privilege escalation (CVE-2024-43093) & issues in Android, Qualcomm, & MediaTek. 🛡️ Update now! 👉 https://t.co/UnQaazAqiG #Android #CyberProtection #Updates

🚨 Google Warns of Two Critical Android Vulnerabilities Under Attack Read more: https://t.co/AUMWuL6Kou 👉 CVE-2024-43093: System Component Privilege Escalation 👉 CVE-2024-50302: Linux Kernel HID Core Memory Leak #cybersecurity https://t.co/eKAIgICk8a

Affected Software

Configuration 1
Type | Vendor | Product
OS | Google | android

References

Reference | Link
[email protected] | https://android.googlesource.com/platform/frameworks/base/+/67d6e08322019f7ed8e3f80bd6cd16f8bcb809ed
[email protected] | https://source.android.com/security/bulletin/2024-11-01

CWE Details

No CWE details found for this CVE
