Google has issued a warning about a critical zero-day vulnerability, CVE-2024-32896, affecting Pixel Firmware, which has been actively exploited in targeted attacks. This flaw allows attackers to elevate privileges within the Pixel Firmware environment. Despite limited details on the attacks, Google has acknowledged the severity and urgency of patching.
The June 2024 security update from Google addresses a total of 50 vulnerabilities, including issues in Qualcomm chipsets and various components like Modem, GsmSs, ACPM, and Trusty. Notable fixes include a denial-of-service (DoS) vulnerability in Modem and multiple information disclosure flaws.
Earlier, Google addressed vulnerabilities CVE-2024-29745 and CVE-2024-29748, previously exploited by forensic companies to extract sensitive data. Recently, Arm also alerted users about CVE-2024-4610, a memory-related vulnerability in GPU drivers, which is actively being exploited.
Additionally, GrapheneOS, a security-focused Android fork, noted that the fix for CVE-2024-32896 completes what was previously only a partial solution for CVE-2024-29748 across all Android devices, emphasizing that its implications extend beyond Pixel devices. They also noted ongoing Pixel-specific enhancements in the latest Android update, AOSP Android 14 QPR3.