Google has revealed that two Android security flaws affecting its Pixel smartphones were exploited in the wild by forensics firms.
The two high-severity zero-day vulnerabilities are as follows:
- CVE-2024-29745 – An information disclosure flaw in the bootloader component
- CVE-2024-29748 – A privilege escalation flaw in the firmware component
“There are indications that the [vulnerabilities] may be subject to limited, targeted exploitation,” Google said in a notice published on April 2, 2024.
While the tech giant did not reveal any other information about the nature of the attacks that exploit these flaws, GrapheneOS maintainers said that they are “actively exploited in the wild by forensics companies.”
“CVE-2024-29745 refers to a vulnerability in the fastboot firmware used to support unlocking/flashing/locking,” they said in a series of posts on X (formerly Twitter).
“Forensic companies are rebooting devices in the After First Unlock state into fastboot mode on Pixel and other devices to exploit vulnerabilities and thus dump memory.”
GrapheneOS noted that CVE-2024-29748 could be weaponized by local attackers to disrupt a factory reset triggered via the Device Administration API.
The disclosure comes more than two months after the GrapheneOS team revealed that forensics firms are exploiting firmware vulnerabilities impacting Google Pixel and Samsung Galaxy phones to steal data and spy on users when the device is not at rest.
The team also urged Google to introduce an auto-restart feature to make it harder to exploit firmware flaws.