Security News > 2024 > April > Google fixes two Pixel zero-day flaws exploited by forensics firms
Google has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within them.
While the April 2024 security bulletin for Android didn't contain anything severe, the corresponding April 2024 bulletin for Pixel devices disclosed active exploitation of two vulnerabilities tracked as CVE-2024-29745 and CVE-2024-29748 flaws.
The flaws allow companies to unlock and access memory on Google Pixel devices, which they have physical access to.
Free VPN apps on Google Play turned Android phones into proxies.
Google tests blocking side-loaded Android apps with risky permissions.
Google fixes Chrome zero-days exploited at Pwn2Own 2024.
News URL
Related news
- Cirrus: Open-source Google Cloud forensic collection (source)
- Google fixes Android kernel zero-day exploited in targeted attacks (source)
- Google to Remove App that Made Google Pixel Devices Vulnerable to Attacks (source)
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google backports fix for Pixel EoP flaw to other Android devices (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-05 | CVE-2024-29748 | Improper Handling of Exceptional Conditions vulnerability in Google Android there is a possible way to bypass due to a logic error in the code. | 7.8 |
2024-04-05 | CVE-2024-29745 | Use of Uninitialized Resource vulnerability in Google Android there is a possible Information Disclosure due to uninitialized data. | 5.5 |