Uninitialized Data Leads to Local Information Disclosure

CVE-2024-29745
5.5 MEDIUM

Key Information

Vendor
Google
Status
Android
Vendor
CVE Published:
5 April 2024

Badges

😄 Trended, 👾 Exploit Exists, 📰 News Worthy

Summary

Two critical zero-day vulnerabilities, CVE-2024-29745 and CVE-2024-29748, have been patched in Pixel smartphones by Google in the April 2024 security update. Forensic firms had been actively exploiting these vulnerabilities in the wild to extract personal data. CVE-2024-29745 allows information disclosure, while CVE-2024-29748 enables privilege escalation. The exploitation of these vulnerabilities could lead to unauthorized access and control over affected systems, highlighting the potential risk of data breaches and system compromise. It is recommended that all Pixel users update their devices to the latest security patch to mitigate these vulnerabilities.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-29745 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Android = Android kernel

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit exists.

  • Vulnerability started trending.

  • Vulnerability published.

  • First article discovered by Gizchina.com

Collectors

NVD Database, Mitre Database, CISA Database, 12 News Article(s)