Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day

Cyber Security

Jun 13, 2024NewsroomMobile Security / Vulnerability

Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day.

The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware.

The company did not share any additional details related to the nature of attacks exploiting it, but noted “there are indications that CVE-2024-32896 may be under limited, targeted exploitation.”

The June 2024 security update addresses a total of 50 security vulnerabilities, five of which relate to various components in Qualcomm chipsets.

Some of the notable issues patched include denial-of-service (DoS) issue impacting Modem, and numerous information disclosure flaws affecting GsmSs, ACPM, and Trusty.

The updates are available for supported Pixel devices, such as Pixel 5a with 5G, Pixel 6a, Pixel 6, Pixel 6 Pro, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel 8, Pixel 8 Pro, Pixel 8a, and Pixel Fold.

Earlier this April, Google resolved two security flaws in the bootloader and firmware components (CVE-2024-29745 and CVE-2024-29748) that were weaponized by forensic companies to steal sensitive data.

Then last week, Arm notified users of a memory-related vulnerability (CVE-2024-4610) in Bifrost and Valhall GPU kernel drivers that has come under active exploitation.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Articles You May Like

Google Pixel 9a Design Spotted in Leaked Live Images With Oval-Shaped Rear Camera Module
No GTA 6 Trailer a Year After Reveal as Fans Wait for Official Update From Rockstar Games
Intel adds two new directors with CEO search underway
Reddit Answers, an AI-Powered Conversational Summaries Feature Introduced
Uber will offer robotaxi rides in Abu Dhabi through partnership with WeRide