Google on Tuesday rolled out patches for 50 security vulnerabilities affecting its Pixel smartphones, of which one patched vulnerability has already been exploited in the wild as a zero-day.
The zero-day tracked as CVE-2024-32896, which has been rated a high-severity security issue, exploits the elevation of privilege (EoP) flaw in the Pixel firmware.
This flaw could provide threat actors with app rights that should not be available to them, thereby giving them access to sensitive data.
“There are indications that CVE-2024-32896 may be under limited, targeted exploitation,” the companyย warnedย this Tuesday.
“All supported Google devices will receive an update to the 2024-06-05 patch level. We encourage all customers to accept these updates to their devices.”
In the Pixel security bulletinย documents, Google also tagged 44 additional security flaws, of which seven are privilege escalation vulnerabilities found in components such as LDFW, Goodix, Mali, avcp, and confirmationui; while another 24 high-severity flaws are remote code execution (RCE) vulnerabilities in CPIF, WLAN, and other components.
Besides these, some flaws found in Qualcomm and Qualcomm closed-source components were also fixed with the update that they were deemed to be moderate.
If you have a Google Pixel device, it is recommended that you apply the security update now.
To do so, Pixel users need to navigate to Settings > Security & privacy > System & updates > Security update.
Then, tap on Install and restart the device to complete the update process.
Check out the security bulletin here to learn more about the June 2024 updates for Google Pixel devices.