Security News > 2024 > April > Google fixes two Pixel zero-day flaws exploited by forensics firms
2024-04-03 14:47
Google has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within them.
While the April 2024 security bulletin for Android didn't contain anything severe, the corresponding April 2024 bulletin for Pixel devices disclosed active exploitation of two vulnerabilities tracked as CVE-2024-29745 and CVE-2024-29748 flaws.
The flaws allow companies to unlock and access memory on Google Pixel devices, which they have physical access to.
Free VPN apps on Google Play turned Android phones into proxies.
Google tests blocking side-loaded Android apps with risky permissions.
Google fixes Chrome zero-days exploited at Pwn2Own 2024.
News URL
Related news
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- New Google Pixel AI feature analyzes phone conversations for scams (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-05 | CVE-2024-29748 | Improper Handling of Exceptional Conditions vulnerability in Google Android there is a possible way to bypass due to a logic error in the code. | 7.8 |
| 2024-04-05 | CVE-2024-29745 | Use of Uninitialized Resource vulnerability in Google Android there is a possible Information Disclosure due to uninitialized data. | 5.5 |