CVE-2024-29745 & CVE-2024-29748: Critical Google Pixel Flaws Exploited – Update Immediately

Google has revealed in their April 2024 Pixel Update Bulletin that several serious security flaws could be putting your Pixel device at risk. Two of these vulnerabilities, labeled CVE-2024-29745 and CVE-2024-29748, are already being exploited by bad actors – meaning the time to update is now.

CVE-2024-29745 and CVE-2024-29748

What’s at Stake?

These vulnerabilities, both given a “high severity” rating, affect the very core of your Pixel phone:

  • CVE-2024-29745 (Information Disclosure Flaw): Hackers could use this to leak sensitive data stored on your device.
  • CVE-2024-29748 (Elevation of Privilege Flaw): Attackers could gain unauthorized control of your device, potentially accessing personal information or even installing malicious software.

There are indications that the following may be under limited, targeted exploitation,” Google said.

The company warns that the risk of falling victim to these attacks could be higher if you are specifically targeted by malicious individuals or organizations.

More Problems in the Patch

The April 2024 update also addresses a separate critical flaw labeled CVE-2024-29740. While not yet known to be exploited, this vulnerability needs urgent attention.

Which Devices Are Affected?

The following Pixel models are vulnerable:

  • Pixel 8 & 8 Pro
  • Pixel 7a
  • Pixel 7 & 7 Pro
  • Pixel 6a, 6, & 6 Pro
  • Pixel Fold
  • Pixel 5a with 5G

What You MUST Do

  1. Update Immediately: If you own one of the affected Pixel devices, install the April 2024 security patch without delay. Updates typically roll out automatically, but you can manually check under Settings > System > System Update.
  2. Stay Vigilant: Even after the update, good cybersecurity habits are crucial. Beware of suspicious links, and unusual app requests, and download apps only from trusted sources like the Google Play Store.