Article Details

Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies. Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows - "There are indications that the [vulnerabilities] may be under limited, targeted exploitation," Google said in an advisory published April 2, 2024. While the tech giant did not reveal any other information about the nature of the attacks exploiting these shortcomings, the maintainers of GrapheneOS said they "are being actively exploited in the wild by forensic companies." "CVE-2024-29745 refers to a vulnerability in the fastboot firmware used to support unlocking/flashing/locking," they said in a series of posts on X (formerly Twitter). "Forensic companies are rebooting devices in After First Unlock state into fastboot mode on Pixels and other devices to exploit vulnerabilities there and then dump memory." GrapheneOS noted that CVE-2024-29748 could be weaponized by local attackers to interrupt a factory reset triggered via the device admin API. The disclosure comes more than two months after the GrapheneOS team revealed that forensic companies are exploiting firmware vulnerabilities that impact Google Pixel and Samsung Galaxy phones to steal data and spy on users when the device is not at rest. It also urged Google to introduce an auto-reboot feature to make exploitation of firmware flaws more difficult. The Strategic Guide to Cloud Security Unlock practical steps to securing everything you build and run in the cloud. Goodbye, Atlassian Server. Goodbye… Backups? Protect your data on Atlassian Cloud from disaster with Rewind's daily backups and on-demand restores. How to Update and Automate Outdated Security Processes Download the eBook for step-by-step guidance on how to update your security processes as your business grows.