Home Cyber Security Google Warns: Android Zero-Day Flaws in Pixel Telephones Exploited by Forensic Corporations – Supply:thehackernews.com

Google Warns: Android Zero-Day Flaws in Pixel Telephones Exploited by Forensic Corporations – Supply:thehackernews.com

0
Google Warns: Android Zero-Day Flaws in Pixel Telephones Exploited by Forensic Corporations – Supply:thehackernews.com

Supply: thehackernews.com – Author: .

Android Zero-Day Flaw

Google has disclosed that two Android safety flaws impacting its Pixel smartphones have been exploited within the wild by forensic corporations.

The high-severity zero-day vulnerabilities are as follows –

  • CVE-2024-29745 – An data disclosure flaw within the bootloader part
  • CVE-2024-29748 – A privilege escalation flaw within the firmware part

“There are indications that the [vulnerabilities] may be under limited, targeted exploitation,” Google said in an advisory printed April 2, 2024.

Whereas the tech big didn’t reveal some other details about the character of the assaults exploiting these shortcomings, the maintainers of GrapheneOS mentioned they “are being actively exploited in the wild by forensic companies.”

Cybersecurity

“CVE-2024-29745 refers to a vulnerability in the fastboot firmware used to support unlocking/flashing/locking,” they said in a collection of posts on X (previously Twitter).

“Forensic companies are rebooting devices in After First Unlock state into fastboot mode on Pixels and other devices to exploit vulnerabilities there and then dump memory.”

GrapheneOS famous that CVE-2024-29748 could possibly be weaponized by native attackers to interrupt a manufacturing unit reset triggered by way of the system admin API.

The disclosure comes greater than two months after the GrapheneOS crew revealed that forensic corporations are exploiting firmware vulnerabilities that impression Google Pixel and Samsung Galaxy telephones to steal information and spy on customers when the system just isn’t at relaxation.

It additionally urged Google to introduce an auto-reboot function to make exploitation of firmware flaws tougher.

Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we put up.

Unique Put up url: https://thehackernews.com/2024/04/google-warns-android-zero-day-flaws-in.html


Author: CISO2CISO Editor 2
Date: 2024-04-03 13:59:19

Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here