Potential Bypass of Security Measures Through Logic Error

CVE-2024-29748

7.8HIGH

Key Information

Vendor: Google
Status: Android
Vendor: CVE Published:; 5 April 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

The first article discusses the warning from Google to Pixel smartphone users due to the exploitation of two zero-day vulnerabilities, CVE-2024-29745 and CVE-2024-29748, by forensic firms. These vulnerabilities enable information disclosure and privilege escalation, with potential exploitation in the wild. Meanwhile, the second article provides a detailed overview of the two zero-day vulnerabilities affecting Pixel smartphones, highlighting the exploitation by forensic companies and the potential impact on user data and encryption keys. Both articles stress the importance of prompt patching and enhanced data protection measures to mitigate the risks posed by these vulnerabilities.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-29748 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Android = Android kernel

News Articles

BleepingComputer

CVE-2024-32896CVE-2024-29748

Google patches exploited Android zero-day on Pixel devices

Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day.

4 months ago