Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic firms.
The higher-severity zero-working day vulnerabilities are as follows –
- CVE-2024-29745 – An info disclosure flaw in the bootloader element
- CVE-2024-29748 – A privilege escalation flaw in the firmware element
“There are indications that the [vulnerabilities] may be beneath confined, focused exploitation,” Google explained in an advisory revealed April 2, 2024.

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
Though the tech huge did not reveal any other details about the mother nature of the attacks exploiting these shortcomings, the maintainers of GrapheneOS stated they “are becoming actively exploited in the wild by forensic businesses.”
“CVE-2024-29745 refers to a vulnerability in the fastboot firmware employed to help unlocking/flashing/locking,” they claimed in a series of posts on X (previously Twitter).
“Forensic businesses are rebooting units in Immediately after To start with Unlock condition into fastboot method on Pixels and other equipment to exploit vulnerabilities there and then dump memory.”
GrapheneOS mentioned that CVE-2024-29748 could be weaponized by area attackers to interrupt a manufacturing unit reset triggered via the machine admin API.
The disclosure will come extra than two months right after the GrapheneOS staff uncovered that forensic companies are exploiting firmware vulnerabilities that effects Google Pixel and Samsung Galaxy telephones to steal knowledge and spy on end users when the system is not at rest.
It also urged Google to introduce an auto-reboot function to make exploitation of firmware flaws a lot more challenging.
Found this write-up interesting? Observe us on Twitter and LinkedIn to examine far more special material we submit.
Some elements of this article are sourced from:
thehackernews.com