Google has paid out $70,000 to a security researcher for privately reporting an “accidental” security bug that allowed anyone to unlock Google Pixel phones without knowing its passcode.
The lock screen bypass bug, tracked as CVE-2022-20465, is described as a local escalation of privilege bug because it allows someone, with the device in their hand, to access the device’s data without having to enter the lock screen’s passcode.
Hungary-based researcher David Schütz said the bug was remarkably simple to exploit but took Google about five months to fix.
Schütz discovered a
コメント