Google修補Pixel手機零時差漏洞,傳出遭鑑識公司利用
· 2024-04-09
4月份Pixel手機的例行更新於上週發布,其中有2個已遭利用的零時差漏洞,特別的是,將其用於攻擊行動的竟是鑑識公司
4月2日Google針對Pixel手機推出本月例行更新,並提及其中有2個高風險漏洞CVE-2024-29745、CVE-2024-29748,已被用於針對有限目標的攻擊行動。
其中,CVE-2024-29745為資訊洩露漏洞,與開機載入工具有關;CVE-2024-29748為權限提升漏洞,涉及手機韌體,兩者皆為高風險層級的漏洞。
而對於上述兩項零時差漏洞,通報此事的Android作業系統GrapheneOS開發團隊進一步提出說明,並表示有鑑識公司正在利用這些漏洞。
針對對方利用漏洞的方法,研究人員表示,CVE-2024-29745是存在於快速開機(fastboot)韌體,鑑識公司重新啟動裝置並進入After First Unlock狀態,從而在Pixel手機截取記憶體內容。
至於另一個漏洞CVE-2024-29748,則是可被用於阻撓裝置管理員回復原廠設定,而使得執行復原動作不安全。
Popular articles
HUIDU Invites You to Booth T70 at iGB L!VE 2026 — Let’s Ignite London This July!
HUIDU Focus
1spin4win grows its Latin American presence by partnering with Fortuna Juegos
Online Game
GAT CDMX 2025 Institutional Academy: Leaders and Experts Analyze the Present and Future of the Gaming Industry in Mexico and Lat
Sports Game
1spin4win releases unique slot Don Catleone Hold and Win featuring gangster cats
Online Game
Institutional Academy that exceeded expectations marked the opening of GAT CDMX
Online Game
GAT Expo Puerto Rico Will Pulse with the New Era of Gaming in the Caribbean
Marketing
JILI Partners with Cricket Legend AB de Villiers (ABD) to Launch Exclusive Branded Game Series 100% 11
Sports Game
Indiana online casino bill stalls in House committee
Regulation
Are you ready to maximize your earnings? Try ProPush.me Constructor!
Marketing
UK MPs reopen 2025 gambling inquiry as reform stalls
Regulation
Vietnam's tightening online gaming policy creates new market opportunities
Southeast Asia
Online gambling, crypto pose ongoing money laundering risks in Philippines, analyst says
Southeast Asia
PropellerAds Shared a New iGaming Case Study: 97,674 Installs and 12,701 Deposits in 3 Months
Marketing
Vietnam’s Controlled Gaming Shift Gains Ground, But Domestic Demand Still Lags
Southeast Asia
British gambling levy rates confirmed for each vertical
Regulation
