Google warns of actively exploited Pixel firmware zero-day

Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been targeted in attacks as a zero-day.

Tracked as CVE-2024-32896, this elevation of privilege (EoP) flaw in the Pixel firmware has been rated a high-severity security issue.

“There are indications that CVE-2024-32896 may be under limited, targeted exploitation,” the company warned this Tuesday.

“All supported Google devices will receive an update to the 2024-06-05 patch level. We encourage all customers to accept these updates to their devices.”

Google tagged 44 other security bugs in this month’s Pixel update bulletin, seven of which are privilege escalation vulnerabilities considered critical and affecting numerous subcomponents.

While Pixel devices also run Android, they receive separate security and bug fix updates from the standard monthly patches distributed to all Android OEMs because of their exclusive features and capabilities and the unique hardware platform directly controlled by Google.

You can find more details on the June 2024 updates for the Pixel in the security bulletin dedicated to Google’s own smartphone range.

To apply the security update, Pixel users must go to Settings > Security & privacy > System & updates > Security update, tap Install, and restart the device to complete the update process.
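For fleets where tapping through Settings on each phone is not practical, the patch level can be read over adb and compared with the 2024-06-05 level named in Google's statement. The script below is an added example, not code from the article or from Google; it relies on the standard Android property `ro.build.version.security_patch`, and the two sample dumps are constructed.

```shell
#!/bin/sh
# Added example (not from the article): triage Android devices against the
# 2024-06-05 security patch level named in Google's statement.
# On a live device the value comes from:
#   adb shell getprop ro.build.version.security_patch
REQUIRED_SPL="2024-06-05"

# Pull the patch level out of a full `adb shell getprop` dump on stdin.
# adb output may carry CRLF line endings, so strip CRs first.
spl_from_getprop() {
    tr -d '\r' |
        sed -n 's/^\[ro\.build\.version\.security_patch\]: \[\(.*\)\]$/\1/p' |
        head -n 1
}

# Print patched | outdated | invalid for one patch level string.
classify_spl() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;
    esac
    # Fixed-width YYYY-MM-DD compares correctly as an integer once dashes go.
    have=$(printf '%s' "$1" | sed 's/-//g')
    need=$(printf '%s' "$REQUIRED_SPL" | sed 's/-//g')
    if [ "$have" -ge "$need" ]; then echo patched; else echo outdated; fi
}

# Classify a getprop dump on stdin; "unknown" if the property is absent.
check_dump() {
    spl=$(spl_from_getprop)
    if [ -z "$spl" ]; then echo unknown; else classify_spl "$spl"; fi
}

# Constructed sample dumps (not taken from real devices).
SAMPLE_OLD='[ro.build.version.release]: [14]
[ro.build.version.security_patch]: [2024-05-05]'
SAMPLE_NEW='[ro.build.version.release]: [14]
[ro.build.version.security_patch]: [2024-06-05]'

for name in SAMPLE_OLD SAMPLE_NEW; do
    eval "dump=\$$name"
    printf '%s: %s\n' "$name" "$(printf '%s\n' "$dump" | check_dump)"
done
```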

Earlier this month, Arm warned of a memory-related vulnerability (CVE-2024-4610) in Bifrost and Valhall GPU kernel drivers exploited in the wild.

This use-after-free (UAF) vulnerability impacts all versions of Bifrost and Valhall drivers from r34p0 through r40p0, and it can be exploited in attacks that lead to information disclosure and arbitrary code execution.

In April, Google fixed two other Pixel zero-days exploited by forensic firms to unlock phones without a PIN and access the data. CVE-2024-29745 was tagged as a high-severity information disclosure bug in the Pixel bootloader, while CVE-2024-29748 is a high-severity privilege escalation bug in the Pixel firmware.
