Google Issues Alert for Actively Exploited Pixel Firmware Zero-Day Flaw 

2 Mins Read

PUREVPNNewsGoogle Issues Alert for Actively Exploited Pixel Firmware Zero-Day Flaw 

Google has recently patched its Pixel smartphones to address a range of security vulnerabilities, including a critical zero-day firmware flaw that has been actively exploited. If you own these devices, it is crucial to understand the risks and ensure your phone is updated immediately to stay protected.

Google Patches Security Threats

Google has resolved 50 security issues affecting Pixel smartphones in its latest updates. Among these, a particularly severe vulnerability stands out, identified as CVE-2024-32896. This flaw in the Pixel firmware, classified as an elevation of privilege (EoP) issue, has been rated as high-severity.

Google issued a warning about the flaw, stating, “There are indications that CVE-2024-32896 may be under limited, targeted exploitation.” This loophole was addressed in the security updates released on June 5, 2024 and Google advises all Pixel users to install them without delay to protect against potential exploits.

Related Read: Google Patches Fifth Zero-Day Exploit in Chrome This Year

Other Addressed Vulnerabilities

The June security bulletin for Pixel devices also highlighted 44 other security flaws, including seven privilege escalation vulnerabilities that pose significant risks. These bugs affect various subcomponents of the devices, demonstrating the complex nature of modern smartphone security.

Pixel smartphones, which operate on the Android OS, receive distinct security updates separate from the general monthly patches distributed to Android OEMs. This is due to their unique features and direct hardware control by Google, which necessitates specific attention to ensure robust security.

How to Secure Your Pixel Device

To apply the necessary security updates, Pixel users need to:

  1. Go to Settings > Security & privacy > System & updates > Security update.
  2. Tap Install and then restart your Pixel device to complete the update.

The update comes on the heels of another warning earlier this month from Arm concerning a memory-related vulnerability in Bifrost and Valhall GPU kernel drivers, known as CVE-2024-4610, which has been exploited in the wild. 

This issue, a use-after-free flaw, affects all versions of these drivers from r34p0 to r40p0 and can lead to information disclosure and arbitrary code execution. In addition to these recent vulnerabilities, Google fixed two other critical zero-days in April, which were used by forensic firms to bypass phone locks and access data without a PIN.

author

Anas Hasan

date

June 13, 2024

time

1 month ago

Anas Hassan is a tech geek and cybersecurity enthusiast. He has a vast experience in the field of digital transformation industry. When Anas isn’t blogging, he watches the football games.

Have Your Say!!

Join 3 million+ users to embrace internet freedom

Signup for PureVPN to get complete online security and privacy with a hidden IP address and encrypted internet traffic.