In a recent advisory published on April 2, 2024, Google revealed that two security vulnerabilities affecting its Pixel smartphones have been exploited by forensic companies. These vulnerabilities, identified as CVE-2024-29745 and CVE-2024-29748, have been actively used in targeted attacks.

While Google did not disclose specific details about the attacks exploiting these flaws, the maintainers of GrapheneOS, a privacy-focused Android operating system, stated that forensic companies are taking advantage of these vulnerabilities in the wild.

The first vulnerability, CVE-2024-29745, is an information disclosure flaw present in the bootloader component of the affected phones. Forensic companies are reportedly exploiting this flaw to gain unauthorized access to sensitive information stored on the devices.

The second vulnerability, CVE-2024-29748, is a privilege escalation flaw within the firmware component of the smartphones. This flaw allows local attackers to interrupt a factory reset triggered via the device admin API.

GrapheneOS has also highlighted that forensic companies are rebooting devices into fastboot mode to exploit the vulnerabilities and extract memory content. This indicates that the targeted attacks are aimed at extracting valuable data.

The disclosure of these security flaws comes after GrapheneOS previously revealed that forensic companies were exploiting firmware vulnerabilities in both Google Pixel and Samsung Galaxy phones to steal data and spy on users. The team behind GrapheneOS has urged Google to introduce an auto-reboot feature to increase the difficulty of exploiting firmware flaws.

Google has not provided any information regarding the extent of the damage caused by these security flaws or the number of devices affected. However, it is clear that urgent action is required to address these vulnerabilities and protect user data.

As the situation continues to evolve, it is crucial for Pixel smartphone users to remain vigilant and ensure that their devices are updated with the latest security patches. Additionally, Google must take proactive measures to patch these vulnerabilities and enhance the overall security of its mobile ecosystem.

Note: This news article is based on the information provided in the user's text without any additional entities, numbers, or dates included.