Google fixes two currently exploited Pixel vulnerabilities
April 3, 2024
Google has addressed several vulnerabilities in Android and Pixel devices, including two flaws that are being actively exploited.
Google has addressed 28 vulnerabilities in Android and 25 flaws in Pixel devices. Two of the issues fixed by the IT giant, tracked as CVE-2024-29745 and CVE-2024-29748, are being actively exploited in the wild.
The most significant flaw the company addressed is a local privilege escalation issue that affects system components and does not require additional execution privileges.
“The most serious of these issues are advanced security vulnerabilities in system components that could allow local elevation of privilege without requiring additional execution privileges,” reads the Android Security Bulletin – April 2024.
“There are indications that the following may be subject to limited and targeted exploitation,” reads the advisory.
- CVE-2024-29745
- CVE-2024-29748
The company did not provide details of the attack, but this type of bug has been actively exploited by nation-state attackers and commercial spyware vendors in the past.
CVE-2024-29745 is a high-severity information disclosure issue in the bootloader, and CVE-2024-29748 is an elevation of privilege issue in Pixel firmware.
The 2024-04-01 security patch level addressed eight high-severity flaws in the framework and system. Issues addressed include privilege escalation, information disclosure, and denial of service flaws.
The 2024-04-05 security patch level addressed 20 vulnerabilities in MediaTek, Widevine, and Qualcomm components.
Pierluigi Paganini
(Security related matters – hacking, android)