Attackers attack devices: Extra security updates for Google Pixel
Patches close several critical security gaps in Google's Pixel series. One vulnerability is already being exploited.
Unidentified attackers are currently targeting Google smartphones in the Pixel series. To counteract this, the manufacturer has released security updates.
Attacks on smartphones
In addition to the monthly patch day, Google offers extra security updates for its Pixel devices when necessary. This is once again the case and owners should install the patches quickly. In a post, Google states that there are indications that a vulnerability (CVE-2024-32896 "high") is being exploited to a limited extent and in a targeted manner. No further information is currently known.
The bug is said to affect the firmware. If attackers successfully exploit the vulnerability, they will have higher privileges. Such a position is usually the starting point for further attacks.
Further threats
The update also closes over 50 other security vulnerabilities. Some of these are classified as "critical". They affect the Goodix, LDFW and Mali subcomponents, among others. It is also possible to gain higher privileges here. How attacks can take place is currently unknown.
A WLAN vulnerability (CVE-2024-32913 "high") can allow malicious code onto devices. The same applies to two CPIF vulnerabilities (CVE-202429786 "high", CVE-2024-32905 "high"). In addition, information can be leaked and attackers can trigger DoS states so that software crashes. Various Qualcomm components are also vulnerable.
Patch now!
Owners of Pixel devices should check in the settings whether the patch level 2024-06-05 is already installed. Here owners can find out whether their device is still in support and receiving updates.
(des)