Google Issues Warning on Actively Exploited Pixel Firmware Zero-Day
Google recently issued a warning about an actively exploited zero-day vulnerability in its Pixel firmware and has rolled out patches for a total of 50 security vulnerabilities affecting Pixel devices. The zero-day, tracked as CVE-2024-32896, is an elevation of privilege (EoP) flaw rated as a high-severity security issue. According to Google, there are indications that CVE-2024-32896 has been subject to limited, targeted exploitation. Google stated:
“All supported Google devices will receive an update to the 2024-06-05 patch level. We encourage all customers to accept these updates to their devices.”
Other than CVE-2024-32896, Google also identified 44 security bugs in this month’s Pixel update bulletin. Seven of these vulnerabilities are critical privilege escalation issues that impact different subcomponents.
Google Warns Of Pixel Firmware Zero-Day Under Targeted Exploitation
Although they run Android, Google Pixel phones receive security updates that are separate from the standard monthly patches distributed to all Android OEMs. This is because of their exclusive features, capabilities, and unique hardware platform, which Google manages directly. Users can find more details on the June 2024 updates for Pixel devices in Google’s dedicated security bulletin.
To apply the security update, Pixel users need to follow these steps:
- Navigate to Settings
- Head to Security & privacy
- Select System & updates
- Tap Security update
- Tap Install
- Restart the device to complete the update process
Earlier this month, ARM also issued a warning about a memory-related vulnerability (CVE-2024-4610) in the Bifrost and Valhall GPU kernel drivers, which was likewise exploited in the wild. The use-after-free (UAF) vulnerability impacts all versions of the Bifrost and Valhall drivers from r34p0 through r40p0. Attackers can exploit this vulnerability to disclose information and execute arbitrary code.