Home Cyber Security Android Zero-Day Flaws in Pixel Telephones Exploited by Forensic Firms

Android Zero-Day Flaws in Pixel Telephones Exploited by Forensic Firms

0
Android Zero-Day Flaws in Pixel Telephones Exploited by Forensic Firms

Apr 03, 2024NewsroomCell Safety / Zero Day

Android Zero-Day Flaw

Google has disclosed that two Android safety flaws impacting its Pixel smartphones have been exploited within the wild by forensic firms.

The high-severity zero-day vulnerabilities are as follows –

  • CVE-2024-29745 – An info disclosure flaw within the bootloader part
  • CVE-2024-29748 – A privilege escalation flaw within the firmware part

“There are indications that the [vulnerabilities] may be under limited, targeted exploitation,” Google said in an advisory revealed April 2, 2024.

Whereas the tech big didn’t reveal another details about the character of the assaults exploiting these shortcomings, the maintainers of GrapheneOS mentioned they “are being actively exploited in the wild by forensic companies.”

Cybersecurity

“CVE-2024-29745 refers to a vulnerability in the fastboot firmware used to support unlocking/flashing/locking,” they said in a sequence of posts on X (previously Twitter).

“Forensic companies are rebooting devices in After First Unlock state into fastboot mode on Pixels and other devices to exploit vulnerabilities there and then dump memory.”

GrapheneOS famous that CVE-2024-29748 may very well be weaponized by native attackers to interrupt a manufacturing facility reset triggered through the gadget admin API.

The disclosure comes greater than two months after the GrapheneOS staff revealed that forensic firms are exploiting firmware vulnerabilities that influence Google Pixel and Samsung Galaxy telephones to steal information and spy on customers when the gadget is just not at relaxation.

It additionally urged Google to introduce an auto-reboot function to make exploitation of firmware flaws tougher.

Discovered this text attention-grabbing? Comply with us on Twitter and LinkedIn to learn extra unique content material we publish.


Author: data@thehackernews.com (The Hacker Information)
Date: 2024-04-03 12:10:00

Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here