Pixel Phone Zero-Days Exploited by Forensic Firms
04-Apr-24
Google has patched two zero-day vulnerabilities in its Pixel phones with the April 2024 security update, actively exploited by forensic firms to extract data from devices. Identified as CVE-2024-29745 and CVE-2024-29748, the flaws reside in Pixel’s bootloader and firmware, enabling targeted exploitation. GrapheneOS, a mobile platform focused on privacy and security, highlights the vulnerabilities and proposes mitigations, including zeroing memory during fastboot mode and implementing wipe-without-reboot functionality to enhance device security.
