Google Pixel Phones Vulnerable to Attack

CVE-2024-32896

Google has recently issued a critical security update for its Pixel devices, addressing a significant vulnerability that has already been actively exploited. This vulnerability, identified as CVE-2024-32896, is classified as a high-severity elevation of privilege (EoP) flaw in the Pixel firmware.

Details of the Vulnerability

CVE-2024-32896 is an elevation of privilege issue, which means it allows an attacker to gain elevated access rights on the affected device. This vulnerability has been under limited, targeted exploitation, highlighting its severity and the necessity for prompt mitigation. Google has been proactive in releasing patches to address this and other vulnerabilities.

Google's Response and Recommendations

Google's security bulletin indicates that CVE-2024-32896 may be under limited, targeted exploitation. The company strongly advises all Pixel users to apply the security update immediately to protect their devices from potential attacks. Users can apply the update by navigating to Settings > Security & privacy > System & updates > Security update, then tapping Install and restarting the device to complete the process.

In addition to CVE-2024-32896, the June 2024 security update addresses a total of 50 vulnerabilities in Pixel devices. These range from critical to high and moderate severity, affecting various components such as LDFW, Goodix, Mali, avcp, and confirmationui.

Broader Implications and Ongoing Issues

The critical nature of this update underscores the importance of regularly updating device firmware to mitigate vulnerabilities that can be exploited by attackers. Notably, this is not the first time Pixel devices have been targeted by zero-day vulnerabilities. Earlier in the year, Google fixed two other Pixel zero-days exploited by forensic firms to unlock phones without a PIN and access user data.

Moreover, the security community is also paying attention to another severe defect in the Arm Mali GPU Kernel Driver, tagged as CVE-2024-4610, which has been actively exploited. This memory-related vulnerability impacts all versions of Bifrost and Valhall drivers from r34p0 through r40p0, leading to potential information disclosure and arbitrary code execution.
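For teams managing many devices, the two conditions described above can be checked against an inventory export. The following is an added example, not code from Google or Arm: the record schema (`id`, `security_patch`, `mali_driver`) and the sample fleet are constructed, and `security_patch` is assumed to hold the value of Android's `ro.build.version.security_patch` property. A Mali version inside the range is flagged for review only, and unreadable values are reported rather than treated as safe.

```python
import re
from datetime import date

# From the article: the June 2024 Pixel update fixes CVE-2024-32896, and
# CVE-2024-4610 affects Mali Bifrost/Valhall drivers r34p0 through r40p0.
JUNE_2024 = (2024, 6)
MALI_LOW, MALI_HIGH = (34, 0), (40, 0)
MALI_RE = re.compile(r"^r(\d+)p(\d+)$")
PATCH_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")

def parse_mali(version):
    """Turn 'r38p1' into (38, 1); None if the string is malformed."""
    m = MALI_RE.match(version.strip().lower())
    return (int(m.group(1)), int(m.group(2))) if m else None

def parse_patch_level(value):
    """Parse a YYYY-MM-DD patch level; None if malformed or not a real date."""
    m = PATCH_RE.match(value.strip())
    if not m:
        return None
    try:
        return date(int(m.group(1)), int(m.group(2)), int(m.group(3)))
    except ValueError:
        return None

def audit(device):
    """Return a list of findings for one inventory record (assumed schema)."""
    findings = []
    patch = parse_patch_level(device.get("security_patch", ""))
    if patch is None:
        findings.append("patch level unreadable")
    elif (patch.year, patch.month) < JUNE_2024:
        findings.append("missing June 2024 update (CVE-2024-32896)")
    raw_mali = device.get("mali_driver")
    if raw_mali is not None:
        mali = parse_mali(raw_mali)
        if mali is None:
            findings.append("Mali driver version unreadable")
        elif MALI_LOW <= mali <= MALI_HIGH:
            findings.append("Mali driver in r34p0-r40p0 (CVE-2024-4610)")
    return findings

# Constructed sample inventory, not real devices.
FLEET = [
    {"id": "pixel-a", "security_patch": "2024-05-05", "mali_driver": "r38p1"},
    {"id": "pixel-b", "security_patch": "2024-06-05", "mali_driver": "r44p0"},
    {"id": "pixel-c", "security_patch": "unknown", "mali_driver": "r40p0"},
]

if __name__ == "__main__":
    for dev in FLEET:
        print(dev["id"], audit(dev) or "ok")
```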

Conclusion

The discovery and active exploitation of CVE-2024-32896 highlight the persistent threats to mobile device security and the critical need for timely updates. Google's prompt response and comprehensive patch release demonstrate a commitment to securing its devices against evolving threats. Users are urged to stay vigilant and ensure their devices are up-to-date with the latest security patches to protect against potential attacks.
