Security
Headlines
HeadlinesLatestCVEs

Headline

Update now! Google Pixel vulnerability is under active exploitation

Google revealed that a firmware vulnerability in its Pixel devices has been under limited active exploitation

Malwarebytes
#vulnerability#ios#android#google

Google has notified Pixel users about an actively exploited vulnerability in their phones’ firmware.

Firmware is the code or program which is embedded into hardware devices. Simply put, it is the software layer between the hardware and the applications on the device.

About the vulnerability, Google said there are indications it may be:

“under limited, targeted exploitation.”

This could mean that the discovered attacks were very targeted, for example by state-sponsored actors or industry-grade spyware. However, it’s still a good idea to get these patches as soon as you can. And whether you have a Pixel or not, all Android users should make sure they’re using the latest version available, because the June 2024 security update addresses a total of 50 security vulnerabilities.

Updates to address this issue are available for supported Pixel devices, such as Pixel 5a with 5G, Pixel 6a, Pixel 6, Pixel 6 Pro, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel 8, Pixel 8 Pro, Pixel 8a, and Pixel Fold.

For these Google devices, security patch levels of 2024-06-05 or later address this issue. You can find your device’s Android version number, security update level, and Google Play system level in your Settings app.

You should get notifications when updates are available for you, but it’s not a bad idea to manually check for updates. For most phones it works like this: Under About phone or About device you can tap on Software updates to check if there are new updates available for your device, although there may be slight differences based on the brand, type, and Android version of your device.

Technical details

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVE for this vulnerability is:

CVE-2024-32896: an elevation of privilege (EoP) issue in Pixel firmware.

An elevation of privilege vulnerability occurs when an application gains permissions or privileges that should not be available to them. This can be a key element in an attack chain when a cybercriminal wants to move forward from initial access to a device to a full compromise.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Related news

Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories and its sub-directories,

Google Confirms CVE-2024-32896 Exploited in the Wild, Releases Android Security Patch

Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component. According to the description of the bug in the NIST National

Google Patches New Android Kernel Vulnerability Exploited in the Wild

Google has addressed a high-severity security flaw impacting the Android kernel that it has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel. "There are indications that CVE-2024-36971 may be under limited, targeted exploitation," the tech giant noted in its monthly Android security

Malwarebytes: Latest News

“Sad announcement” email leads to tech support scam