this post was submitted on 08 Apr 2025
62 points (100.0% liked)

GrapheneOS [Unofficial]

3578 readers
6 users here now

Official announcements from the GrapheneOS project.

Subscribe to this community or add it to your RSS reader in order to be notified about new releases and important updates.

Search c/GrapheneOS.

For discussions about the GrapheneOS project, visit our forum or join our community chat.

Our Code of Conduct.

GrapheneOS is a privacy and security focused mobile OS with Android app compatibility. This is a community based around the GrapheneOS projects including the hardened Android Open Source Project fork, Auditor, AttestationServer, the hardened malloc implementation and other projects.

Please use our official install guides for installation and check our features pageusage guide and FAQ for information before asking questions in our discussion forum or chat rooms to get as much information as possible from what we've already carefully written/reviewed for our site.

Contact the moderators of this community if you have any questions or concerns.

founded 4 years ago
MODERATORS
KindnessInfinity@lemmy.ml
maade@lemmy.ml
akc3n@lemmy.ml
treequell@lemmy.world
other8026@lemmy.ml
Metr0pl3X@lemmy.ml
akc3n@grapheneos.social
Skorp@sh.itjust.works
62
Two More Vulnerabilities Found To Be Exploited In The Wild and GrapheneOS Prevented Them (grapheneos.social)
submitted 9 months ago by KindnessInfinity@lemmy.ml to c/grapheneos@lemmy.ml
5 comments fedilink hide all child comments
 

Android Security Bulletin for April 2025 has 2 more vulnerabilities marked as being exploited in the wild.

GrapheneOS fully prevented exploiting both vulnerabilities for locked devices, made both far harder to exploit while unlocked and already had both patched for a while too.

CVE-2024-53150: heap overflow (read) in a Linux kernel USB sound card driverCVE-2024-53197: heap overflow (write) in a Linux kernel USB sound card driver

These vulnerabilities were being exploited by Cellebrite for data extraction from locked Android devices without GrapheneOS.

We have a post from late February about CVE-2024-53197 and 2 other bugs exploited by Cellebrite which they were blocked from exploiting by GrapheneOS:

https://discuss.grapheneos.org/d/20402-cellebrite-exploits-used-to-target-serbian-student-activist

CVE-2024-53150 is almost certainly part of the same batch of vulnerabilities they've been exploiting.

https://discuss.grapheneos.org/d/20401-grapheneos-improvements-to-protection-against-data-extraction-since-2024 covers how we've greatly improved the GrapheneOS defenses against these attacks since early 2024. We're continuing to work on improving it.

We helped get firmware security improvements to Pixels and are advocating for further hardware/firmware changes.

you are viewing a single comment's thread
view the rest of the comments