Google patches exploited Android zero-day on Pixel devices

Google patches exploited Android zero-day on Pixel devices

June 13, 2024 at 01:39PM

Google’s latest Pixel update includes patches for 50 security vulnerabilities, with one already being exploited as a zero-day attack. GrapheneOS confirms the exploit and mentions forensics companies targeting users with certain apps. The update aims to address this and other issues, but requires manual installation. Additionally, Arm has flagged a vulnerability in Bifrost and Valhall GPU kernel drivers.

Based on the meeting notes, the key takeaways are:
– Google has released patches for 50 security vulnerabilities impacting its Pixel devices, including a high-severity security issue (CVE-2024-32896) that has been exploited in targeted attacks as a zero-day.
– GrapheneOS says CVE-2024-32896 is the same as CVE-2024-29748 and has been addressed as part of making their duress PIN/password feature.
– Google has tagged 44 other security bugs in this month’s Pixel update bulletin, including seven critical privilege escalation vulnerabilities.
– Pixel devices receive separate security and bug fix updates from standard monthly patches distributed to all Android OEMs due to their exclusive features and capabilities.
– Pixel users can apply the security update by going to Settings > Security & privacy > System & updates > Security update and tapping Install, then restarting the device to complete the update process.
– Arm warned of a memory-related vulnerability (CVE-2024-4610) in Bifrost and Valhall GPU kernel drivers exploited in the wild.

Let me know if you need any further assistance or information.

Full Article