Two Google Pixel Android flaws actively exploited

Take action: This is not a panic-mode patch, since exploiting these flaws requires that someone has access to your phone. But that is not impossible: devices can be stolen or lost. So update your Android OS.


Google has reported that two vulnerabilities in its Pixel smartphones are being actively exploited in targeted attacks. The vulnerabilities are tracked as CVE-2024-29745 (CVSS score 7.2) and CVE-2024-29748 (CVSS score 4.8), an information disclosure flaw and a privilege escalation flaw, respectively.

  • CVE-2024-29745 is an information disclosure vulnerability within the bootloader component. This flaw could lead to the compromise of data confidentiality, exposing sensitive information. Attackers can reboot devices into fastboot mode after an initial unlock, enabling them to dump device memory.
  • CVE-2024-29748 is a privilege escalation vulnerability within the firmware component. It enables unauthorized individuals to gain control over affected devices, potentially allowing for a wide range of malicious activities. It allows attackers to interrupt a device admin app during a factory reset.

Developers from GrapheneOS and the Cybersecurity and Infrastructure Security Agency (CISA) have also reported the active exploitation of these flaws. It must be noted that exploiting these flaws requires physical access to the attacked device.

These security issues were first identified on April 2, 2024, and have been noted for their limited but targeted exploitation.

Google advises Pixel users to update their devices as soon as possible.
