Google Releases Patches for Pixel Zero-Days - 20240408003¶
Overview¶
The WA SOC has been made aware of Zero-Day vulnerbilities that affect Google Pixel Devices. Google states that there are indications that the vulnerabilities may be under limited, targeted exploitation.
Google has released patches for these vulnerabilities and strongly encourages all users to apply the patches immediately.
What is vulnerable?¶
| CVE | Severity | CVSS | Product(s) Affected | Summary | Dated |
|---|---|---|---|---|---|
| CVE-2024-29748 | N/A | Not yet rated | versions before security patch levels of 2024-04-05 | Android Pixel Privilege Escalation Vulnerability | 05/04/2024 |
| CVE-2024-29745 | N/A | Not yet rated | versions before security patch levels of 2024-04-05 | Android Pixel Information Disclosure Vulnerability | 05/04/2024 |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of two weeks (refer Patch Management):