Google warns of actively exploited Pixel firmware zero-day

June 12, 2024 at 03:13PM

Google has released patches for 50 security vulnerabilities affecting its Pixel devices. One flaw, CVE-2024-32896, has been targeted in zero-day attacks and is considered a high-severity issue. The company advises users of all supported Google devices to accept the update to the 2024-06-05 patch level. Pixel users must go to Settings > Security & privacy > System & updates > Security update to complete the update process.

The key takeaways are as follows:

– Google has released patches for 50 security vulnerabilities impacting its Pixel devices, including a high-severity elevation of privilege (EoP) flaw, tagged as CVE-2024-32896, which has been subject to limited, targeted exploitation.

– All supported Google devices will receive an update to the 2024-06-05 patch level, and users are encouraged to accept these updates to their devices.

– In addition to the EoP flaw, seven critical privilege escalation vulnerabilities have been identified in Pixel devices. Pixel devices receive separate security and bug fix updates because of their exclusive features, capabilities, and unique hardware platform, which Google controls directly.

– To apply the security update, Pixel users must navigate to Settings > Security & privacy > System & updates > Security update, tap Install, and restart the device to complete the update process.

– Arm has warned of a memory-related vulnerability (CVE-2024-4610) in the Bifrost and Valhall GPU kernel drivers that has been exploited in the wild. It impacts all versions of the Bifrost and Valhall drivers from r34p0 through r40p0.

– In April, Google fixed two other Pixel zero-days, CVE-2024-29745 and CVE-2024-29748, which forensic firms exploited to unlock phones without a PIN and access data. They were tagged as a high-severity information disclosure bug in the Pixel bootloader and a high-severity privilege escalation bug in the Pixel firmware, respectively.
