Google Warns: Android Zero-Day Flaws in Pixel Telephones Exploited by Forensic Corporations

Apr 03, 2024NewsroomCellular Safety / Zero Day

Google has disclosed that two Android safety flaws impacting its Pixel smartphones have been exploited within the wild by forensic firms.

The high-severity zero-day vulnerabilities are as follows –

  • CVE-2024-29745 – An info disclosure flaw within the bootloader part
  • CVE-2024-29748 – A privilege escalation flaw within the firmware part

“There are indications that the [vulnerabilities] may be under limited, targeted exploitation,” Google mentioned in an advisory printed April 2, 2024.

Whereas the tech big didn’t reveal every other details about the character of the assaults exploiting these shortcomings, the maintainers of GrapheneOS mentioned they “are being actively exploited in the wild by forensic companies.”

Cybersecurity

“CVE-2024-29745 refers to a vulnerability in the fastboot firmware used to support unlocking/flashing/locking,” they mentioned in a collection of posts on X (previously Twitter).

“Forensic companies are rebooting devices in After First Unlock state into fastboot mode on Pixels and other devices to exploit vulnerabilities there and then dump memory.”

GrapheneOS famous that CVE-2024-29748 may very well be weaponized by native attackers to interrupt a manufacturing unit reset triggered by way of the gadget admin API.

The disclosure comes greater than two months after the GrapheneOS workforce revealed that forensic firms are exploiting firmware vulnerabilities that affect Google Pixel and Samsung Galaxy telephones to steal information and spy on customers when the units should not at relaxation.

It additionally urged Google to introduce an auto-reboot function to make exploitation of firmware flaws harder.

Discovered this text fascinating? Comply with us on Twitter and LinkedIn to learn extra unique content material we submit.

Recent articles

Patch Alert: Essential Apache Struts Flaw Discovered, Exploitation Makes an attempt Detected

Dec 18, 2024Ravie LakshmananCyber Assault / Vulnerability Risk actors are...

Meta Fined €251 Million for 2018 Knowledge Breach Impacting 29 Million Accounts

Dec 18, 2024Ravie LakshmananKnowledge Breach / Privateness Meta Platforms, the...

LEAVE A REPLY

Please enter your comment!
Please enter your name here