
Google fixes two Pixel zero-day flaws exploited by forensics firms
2024-04-03 14:47

Google has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within them.

While the April 2024 security bulletin for Android didn't contain anything severe, the corresponding April 2024 bulletin for Pixel devices disclosed active exploitation of two vulnerabilities tracked as CVE-2024-29745 and CVE-2024-29748.

The flaws allow companies to unlock and access memory on Google Pixel devices to which they have physical access.



News URL

https://www.bleepingcomputer.com/news/security/google-fixes-two-pixel-zero-day-flaws-exploited-by-forensics-firms/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|------|-----|---------------------|------|
| 2024-04-05 | CVE-2024-29748 | Improper Handling of Exceptional Conditions vulnerability in Google Android: there is a possible way to bypass due to a logic error in the code. (local, low complexity, google, CWE-755) | 7.8 |
| 2024-04-05 | CVE-2024-29745 | Use of Uninitialized Resource vulnerability in Google Android: there is a possible Information Disclosure due to uninitialized data. (local, low complexity, google, CWE-908) | 5.5 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 141 994 4924 2873 1623 10414