Google has released a crucial security update addressing vulnerabilities in Pixel devices, including 28 flaws in Android and 25 bugs specific to Pixels, with two of them actively exploited in the wild. These exploited vulnerabilities, tracked as CVE-2024-29745 and CVE-2024-29748, affect Pixel’s bootloader and firmware, prompting Google to issue urgent patches. While specific details about the attacks remain undisclosed, Google warns of potential exploitation by commercial spyware vendors, underlining the severity of the situation.
The update not only addresses the exploited flaws but also resolves 24 vulnerabilities leading to elevation of privilege (EoP) and information disclosure in various Pixel components, along with one issue in Qualcomm components. Of these, the most severe vulnerability, CVE-2024-23704, affects the System component of Android 13 and Android 14 and could enable local escalation of privilege with no additional execution privileges needed. Google emphasizes the importance of installing the April 2024 security patches, which address a total of eight high-severity flaws in the Framework and System components that could be exploited to escalate privileges, leak information, or cause denial-of-service conditions.
In addition to Pixel devices, Google has also issued security updates for Android Automotive OS and Wear OS, resolving all vulnerabilities addressed by the April 2024 security patches. These updates cover the known security issues associated with the 2024-04-05 security patch level and all previous patch levels. With threats evolving constantly, Google's patching effort underscores the importance of timely security updates for safeguarding devices against potential exploits. Users are strongly advised to install these security updates promptly to mitigate the risk of exploitation.