Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day
What specific actions does the June 2024 security update take to address the CVE-2024-32896 vulnerability in Pixel Firmware?
The June 2024 security update addresses the CVE-2024-32896 vulnerability in Pixel Firmware by providing fixes for the elevation of privilege issue. The update includes patches for various components in Qualcomm chipsets and resolves other security vulnerabilities such as denial-of-service (DoS) issues impacting Modem, and numerous information disclosure flaws affecting GsmSs, ACPM, and Trusty. The update is available for supported Pixel devices, including Pixel 5a with 5G, Pixel 6a, Pixel 6, Pixel 6 Pro, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel 8, Pixel 8 Pro, Pixel 8a, and Pixel Fold.
Can you list the Pixel devices that are eligible for the June 2024 security update?
The Pixel devices eligible for the June 2024 security update include:
- Pixel 5a with 5G
- Pixel 6a
- Pixel 6
- Pixel 6 Pro
- Pixel 7
- Pixel 7 Pro
- Pixel 7a
- Pixel 8
- Pixel 8 Pro
- Pixel 8a
- Pixel Fold
These devices will receive updates to address the security vulnerabilities mentioned in the June 2024 Android Security Bulletin.
What type of vulnerability is CVE-2024-32896, and how does it affect Pixel devices?
CVE-2024-32896 is a high-severity vulnerability affecting Pixel devices, specifically in Pixel Firmware. It has been classified as an elevation of privilege issue. This type of vulnerability allows an attacker to gain elevated access privileges on the device, potentially leading to unauthorized access to sensitive data or control over the device5.
The vulnerability has been reported as being under limited, targeted exploitation, meaning that it has been used in real-world attacks against specific targets. Google has addressed this vulnerability in the June 2024 security update, which is available for supported Pixel devices.