First published: Mon Jan 06 2025(Updated: )
In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Credit: security@android.com
Affected Software | Affected Version | How to fix |
---|---|---|
Android |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2024-49734 is classified as high due to the potential for remote information disclosure.
To fix CVE-2024-49734, update your Android device to the latest version provided by Google.
CVE-2024-49734 affects multiple versions of Google's Android operating system.
Yes, CVE-2024-49734 can be exploited remotely without requiring additional execution privileges.
Users may face risks of having their browsing information disclosed through VPN connections.