Google has fixed two zero-day vulnerabilities in Pixel smartphones that are said to be actively exploited by some forensic companies. One vulnerability was in the Pixel fastboot firmware, while the other vulnerability was in the bootloader.
Google mentions the vulnerabilities in its April 2024 Pixel Update Bulletin, in which it also refers to security update 2024-04-05. The company notes that there are indications that two vulnerabilities, CVE-2024-29745 and CVE-2024-29748, are being exploited in a limited and targeted manner. The developers of GrapheneOS, a privacy-friendly fork of Android, say in a post (https://twitter.com/GrapheneOS/status/1775305179581018286) that these vulnerabilities are actively abused by forensic companies. It is not known which companies these are.
According to the developers, vulnerability CVE-2024-29745 is located in the fastboot firmware of Pixel devices, which helps ensure trouble-free locking and unlocking of the devices. CVE-2024-29748 is a vulnerability that arises when a device admin app wants to perform a factory reset.