.png)
Google recently addressed two zero-day vulnerabilities in Pixel smartphones that were being actively exploited by some forensic companies. One of the vulnerabilities was found in the Pixel fastboot firmware, while the other was in the bootloader.
The vulnerabilities were disclosed in Google's April 2024 Pixel Update Bulletin, which also mentions security update 2024-04-05. Google has reported that there are signs that the vulnerabilities, known as CVE-2024-29745 and CVE-2024-29748, are being targeted and exploited in a limited manner. The team behind GrapheneOS, a privacy-focused version of Android, tweeted about these vulnerabilities being actively exploited by forensic companies, although the specific companies have not been identified.
According to the developers, vulnerability CVE-2024-29745 affects the fastboot firmware of Pixel devices, which is responsible for ensuring smooth locking and unlocking of the devices. Vulnerability CVE-2024-29748 is related to issues that arise when a device admin app attempts to perform a factory reset.
English (US)