Security News > 2024 > April > Google fixes two Pixel zero-day flaws exploited by forensics firms
2024-04-03 14:47
Google has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within them.
While the April 2024 security bulletin for Android didn't contain anything severe, the corresponding April 2024 bulletin for Pixel devices disclosed active exploitation of two vulnerabilities tracked as CVE-2024-29745 and CVE-2024-29748 flaws.
The flaws allow companies to unlock and access memory on Google Pixel devices, which they have physical access to.
Free VPN apps on Google Play turned Android phones into proxies.
Google tests blocking side-loaded Android apps with risky permissions.
Google fixes Chrome zero-days exploited at Pwn2Own 2024.
News URL
Related news
- Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies (source)
- Google: Spyware vendors behind 50% of zero-days exploited in 2023 (source)
- Miscreants are exploiting enterprise tech zero days more and more, Google warns (source)
- Google fixes Chrome zero-days exploited at Pwn2Own 2024 (source)
- Zero-day exploitation surged in 2023, Google finds (source)
- Google fixes one more Chrome zero-day exploited at Pwn2Own (source)
- Google One VPN axed for everyone but Pixel loyalists ... for now (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-05 | CVE-2024-29748 | Unspecified vulnerability in Google Android there is a possible way to bypass due to a logic error in the code. | 7.8 |
| 2024-04-05 | CVE-2024-29745 | Use of Uninitialized Resource vulnerability in Google Android there is a possible Information Disclosure due to uninitialized data. | 5.5 |