{"id":24679,"date":"2024-06-13T06:10:04","date_gmt":"2024-06-13T14:10:04","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/06\/13\/news-18409\/"},"modified":"2024-06-13T06:10:04","modified_gmt":"2024-06-13T14:10:04","slug":"news-18409","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/06\/13\/news-18409\/","title":{"rendered":"Update now! Google Pixel vulnerability is under active exploitation"},"content":{"rendered":"\n<p>Google has <a href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/pixel\/2024-06-01\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">notified<\/a> Pixel users about an actively exploited vulnerability in their phones&#8217; firmware.<\/p>\n<p>Firmware is the code or program which is embedded into hardware devices. Simply put, it is the software layer between the hardware and the applications on the device.<\/p>\n<p>About the vulnerability, Google said there are indications it may be:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;under limited, targeted exploitation.\u201d<\/p>\n<\/blockquote>\n<p>This could mean that the discovered attacks were very targeted, for example by state-sponsored actors or industry-grade spyware. However, it&#8217;s still a good idea to get these patches as soon as you can. And whether you have a Pixel or not, all Android users should make sure they&#8217;re using the latest version available, because the June 2024 security update addresses a total of 50 security vulnerabilities.<\/p>\n<p>Updates to address this issue are available for supported Pixel devices, such as Pixel 5a with 5G, Pixel 6a, Pixel 6, Pixel 6 Pro, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel 8, Pixel 8 Pro, Pixel 8a, and Pixel Fold.<\/p>\n<p>For these Google devices, security patch levels of 2024-06-05 or later address this issue. You can find your device\u2019s Android version number, security update level, and Google Play system level in your <strong>Settings<\/strong> app.<\/p>\n<p>You should get notifications when updates are available for you, but it\u2019s not a bad idea to manually check for updates. For most phones it works like this: Under <strong>About phone<\/strong> or <strong>About device<\/strong> you can tap on <strong>Software updates<\/strong> to check if there are new updates available for your device, although there may be slight differences based on the brand, type, and Android version of your device.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-technical-details\">Technical details<\/h2>\n<p>The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVE for this vulnerability is:<\/p>\n<p><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-32896\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-32896<\/a>: an elevation of privilege (EoP) issue in Pixel firmware.<\/p>\n<p>An elevation of privilege vulnerability occurs when an application gains permissions or privileges that should not be available to them. This can be a key element in an attack chain when a cybercriminal wants to move forward from initial access to a device to a full compromise.<\/p>\n<hr class=\"wp-block-separator alignfull has-alpha-channel-opacity is-style-wide\" \/>\n<p><strong>We don\u2019t just report on phone security\u2014we provide it<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by\u00a0<a href=\"https:\/\/www.malwarebytes.com\/ios\">downloading Malwarebytes for iOS<\/a>, and <a href=\"https:\/\/www.malwarebytes.com\/android\">Malwarebytes for Android<\/a> today.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/06\/update-now-google-pixel-vulnerability-is-under-active-exploitation\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Google revealed that a firmware vulnerability in its Pixel devices has been under limited active exploitation <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10462,31532,11746,11617,32,15466],"class_list":["post-24679","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-android","tag-cve-2024-32896","tag-eop","tag-firmware","tag-news","tag-pixel"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24679","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24679"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24679\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24679"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24679"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24679"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}