Google releases Pixel June 2024 security updates
Take action: If you are using Google Pixel phone, time for an update. There are multiple items to be patched, both actively exploited and new critical flaws. It takes about an hour to patch, so run the update and watch a movie in the meantime.
Learn More
Google has released patches addressing 50 security vulnerabilities impacting its Pixel devices, including one high-severity flaw that has been exploited in targeted attacks as a zero-day vulnerability.
Key Vulnerabilities Addressed
- CVE-2024-32896 - This vulnerability exists in the Pixel firmware and allows attackers to gain elevated privileges on the device. There is evidence suggesting it has been exploited in limited, targeted attacks. Users are urged to update to the 2024-06-05 patch level to protect against this exploit.
- CVE-2024-4610 - This memory-related vulnerability allows for information disclosure and arbitrary code execution. It has been actively exploited in the wild. Arm has issued warnings and users should ensure their drivers are up-to-date.
- CVE-2024-29745: Information disclosure vulnerability in the Pixel bootloader. Used by forensic firms to unlock Pixel devices without requiring a PIN, gaining access to stored data.
- CVE-2024-29748: Privilege escalation vulnerability in the Pixel firmware. Used by forensic firms to unlock Pixel devices without requiring a PIN, gaining access to stored data
- CVE-2024-32891: A-313509045 - Elevation of Privilege (EoP) - Critical - LDFW
- CVE-2024-32892: A-326987969 - Elevation of Privilege (EoP) - Critical - Goodix
- CVE-2024-32899: A-301669196 - Elevation of Privilege (EoP) - Critical - Mali
- CVE-2024-32906: A-327277969 - Elevation of Privilege (EoP) - Critical - avcp
- CVE-2024-32908: A-314822767 - Elevation of Privilege (EoP) - Critical - LDFW
