Google Warns of Actively Exploited Pixel Firmware Vulnerability 

13.06.24

Threat Intelligence Alerts

Google has released its June 2024 security updates to address multiple vulnerabilities in Pixel devices, including a zero-day flaw that is being actively exploited by threat actors. The vulnerability, tracked as CVE-2024-32896, is an elevation of privilege issue in the Pixel firmware that carries a high-severity rating.  

According to Google’s advisory, there are indications that CVE-2024-32896 “may be under limited, targeted exploitation.” The company has not disclosed additional details about the nature of the attacks or the threat actors involved. Elevation of privilege vulnerabilities could allow malicious actors to escalate their access on compromised systems, potentially leading to further compromise. 

Google has released patches for CVE-2024-32896 and 49 other security vulnerabilities affecting Pixel devices as part of the June 2024 update. Seven of these vulnerabilities are rated as critical severity, while 16 are considered high severity, including CVE-2024-32896. 

The vulnerabilities impact various components of Pixel devices, such as LDFW, Goodix, Mali GPU, avcp, confirmationui, CPIF, WLAN, and others. Some of these flaws could lead to remote code execution or elevation of privilege if exploited successfully. 

Google strongly recommends that Pixel users apply the latest security updates promptly to protect their devices from potential attacks. Users can check for updates by navigating to Settings > Security & privacy > System & updates > Security update and tapping “Install” if an update is available. 

While the active exploitation of CVE-2024-32896 appears to be limited and targeted at the moment, the disclosure of this zero-day vulnerability highlights the importance of regular software updates and security best practices. 

Users of Pixel devices and other Android devices should ensure they keep their devices up-to-date with the latest security patches. It is also recommended to enable automatic updates, if available, to receive security fixes promptly. 

Additionally, users should exercise caution when opening emails, messages, or links from untrusted sources, as these could be vectors for delivering malicious payloads that exploit vulnerabilities like CVE-2024-32896. 

If you suspect your device may have been compromised, consider performing a factory reset and restoring from a secure backup. Users can also consult Google’s support resources or seek professional assistance for further guidance. 

The active exploitation of the CVE-2024-32896 zero-day vulnerability in Pixel devices underscores the importance of prompt patching and security awareness. Google’s swift response in releasing security updates is commendable, but users must play their part by applying these updates and following security best practices to protect their devices and data. 

Further reading on this can be found at: