Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies.
The high-severity zero-day vulnerabilities are as follows -
- CVE-2024-29745 - An information disclosure flaw in the bootloader component
- CVE-2024-29748 - A privilege escalation flaw in the firmware component
"There are indications that the [vulnerabilities] may be under limited, targeted exploitation," Google said in an advisory published April 2, 2024.
While the tech giant did not reveal any other information about the nature of the attacks exploiting these shortcomings, the maintainers of GrapheneOS said they "are being actively exploited in the wild by forensic companies." Read More..