Skip to content

Google Releases Patches for Pixel Zero-Days - 20240408003

Overview

The WA SOC has been made aware of Zero-Day vulnerbilities that affect Google Pixel Devices. Google states that there are indications that the vulnerabilities may be under limited, targeted exploitation.

Google has released patches for these vulnerabilities and strongly encourages all users to apply the patches immediately.

What is vulnerable?

CVE Severity CVSS Product(s) Affected Summary Dated
CVE-2024-29748 N/A Not yet rated versions before security patch levels of 2024-04-05 Android Pixel Privilege Escalation Vulnerability 05/04/2024
CVE-2024-29745 N/A Not yet rated versions before security patch levels of 2024-04-05 Android Pixel Information Disclosure Vulnerability 05/04/2024

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of two weeks (refer Patch Management):

Additional References