CVE-2024-49734 Information

Description

In multiple functions of ConnectivityService.java there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Reference

https://source.android.com/security/bulletin/2025-01-01