Google issues an alert regarding a security flaw affecting Pixel Firmware that has been utilized as a zero-day exploit.
The significant vulnerability, identified as CVE-2024-32896, is characterized as an elevation of privilege concern in Pixel Firmware.
It was mentioned by the company that no further information was disclosed concerning the methods used in the exploitation, but there were indicators suggesting that CVE-2024-32896 might be exploited in a targeted and limited manner.
The security update for June 2024 deals with a total of 50 security vulnerabilities, with five of them associated with different aspects of Qualcomm chipsets.
Among the notable issues fixed are a denial-of-service (DoS) problem affecting Modem, as well as various information disclosure vulnerabilities impacting GsmSs, ACPM, and Trusty.
The updates are accessible for supported Pixel devices, including Pixel 5a with 5G, Pixel 6a, Pixel 6, Pixel 6 Pro, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel 8, Pixel 8 Pro, Pixel 8a, and Pixel Fold.
In a previous instance in April, Google resolved two security vulnerabilities in the bootloader and firmware components (CVE-2024-29745 and CVE-2024-29748) that were exploited by forensic entities to extract sensitive data.
Additionally, last week, Arm informed users about a memory-related vulnerability (CVE-2024-4610) in Bifrost and Valhall GPU kernel drivers that is actively being exploited.
About Author
