June 13, 2024 at 04:00AM
Google has warned of a zero-day security flaw, CVE-2024-32896, in Pixel Firmware, being exploited in targeted attacks. The June 2024 security update addresses a total of 50 vulnerabilities, including denial-of-service issues and information disclosure flaws in Qualcomm chipsets. Updates are available for supported Pixel devices. Previous security flaws have also been resolved.
Meeting takeaway:
– Google has reported a high-severity security vulnerability (CVE-2024-32896) in Pixel Firmware, which has been exploited in the wild as a zero-day, with indications of limited, targeted exploitation.
– The June 2024 security update addresses a total of 50 security vulnerabilities, with five relating to various components in Qualcomm chipsets. Notable issues include denial-of-service (DoS) impacting Modem and numerous information disclosure flaws affecting GsmSs, ACPM, and Trusty.
– The security updates are available for supported Pixel devices, including Pixel 5a with 5G, Pixel 6a, Pixel 6, Pixel 6 Pro, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel 8, Pixel 8 Pro, Pixel 8a, and Pixel Fold.
– Earlier in April, Google resolved two security flaws in the bootloader and firmware components (CVE-2024-29745 and CVE-2024-29748) that were weaponized by forensic companies to steal sensitive data.
– Arm has also notified users of a memory-related vulnerability (CVE-2024-4610) in Bifrost and Valhall GPU kernel drivers that has come under active exploitation.