Google warns of actively exploited Pixel firmware zero-day
2024-06-12 19:06

Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day.

Google tagged 44 other security bugs in this month's Pixel update bulletin, seven of which are privilege escalation vulnerabilities that are considered critical and impact various subcomponents.

While Pixel devices also run Android, they receive separate security and bug fix updates from the standard monthly patches distributed to all Android OEMs because of their exclusive features and capabilities and the unique hardware platform directly controlled by Google.

In April, Google fixed two other Pixel zero-days exploited by forensic firms to unlock phones without a PIN and access the data.

CVE-2024-29745 was tagged as a high-severity information disclosure bug in the Pixel bootloader, while CVE-2024-29748 is a high-severity privilege escalation bug in the Pixel firmware.


News URL

https://www.bleepingcomputer.com/news/security/google-warns-of-actively-exploited-pixel-firmware-zero-day/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2024-04-05 | CVE-2024-29748 | Improper Handling of Exceptional Conditions vulnerability in Google Android. There is a possible way to bypass due to a logic error in the code. (local, low complexity, google, CWE-755) | 7.8
2024-04-05 | CVE-2024-29745 | Use of Uninitialized Resource vulnerability in Google Android. There is a possible Information Disclosure due to uninitialized data. (local, low complexity, google, CWE-908) | 5.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 141 994 4925 2877 1623 10419