Google has warned {that a} security flaw impacting Pixel Firmware has been exploited within the wild as a zero-day.
The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege challenge in Pixel Firmware.
The corporate didn’t share any extra particulars associated to the character of assaults exploiting it, however famous “there are indications that CVE-2024-32896 could also be below restricted, focused exploitation.”
The June 2024 security replace addresses a complete of fifty security vulnerabilities, 5 of which relate to numerous elements in Qualcomm chipsets.
A few of the notable points patched embrace denial-of-service (DoS) challenge impacting Modem, and quite a few data disclosure flaws affecting GsmSs, ACPM, and Trusty.
The updates can be found for supported Pixel units, reminiscent of Pixel 5a with 5G, Pixel 6a, Pixel 6, Pixel 6 Professional, Pixel 7, Pixel 7 Professional, Pixel 7a, Pixel 8, Pixel 8 Professional, Pixel 8a, and Pixel Fold.
Earlier this April, Google resolved two security flaws within the bootloader and firmware elements (CVE-2024-29745 and CVE-2024-29748) that have been weaponized by forensic firms to steal delicate information.
Then final week, Arm notified customers of a memory-related vulnerability (CVE-2024-4610) in Bifrost and Valhall GPU kernel drivers that has come below energetic exploitation.
