Google Warns of Actively Exploited Pixel Firmware Vulnerability
Google has released its June 2024 security updates to address multiple vulnerabilities in Pixel devices, including a zero-day flaw that is being actively exploited by threat actors. The vulnerability, tracked as CVE-2024-32896, is an elevation of privilege issue in the Pixel firmware that carries a high-severity rating.
The Zero-Day Exploit
According to Google’s advisory, there are indications that CVE-2024-32896 “may be under limited, targeted exploitation.” The company has not disclosed additional details about the nature of the attacks or the threat actors involved. An elevation of privilege vulnerability could allow an attacker who already has some access to a system to gain higher privileges, potentially leading to further compromise.
Patching the Flaw
Google has released patches for CVE-2024-32896 and 49 other security vulnerabilities affecting Pixel devices as part of the June 2024 update. Seven of these vulnerabilities are rated as critical severity, while 16 are considered high severity, including CVE-2024-32896.
The vulnerabilities impact various components of Pixel devices, such as LDFW, Goodix, Mali GPU, avcp, confirmationui, CPIF, WLAN, and others. Some of these flaws could lead to remote code execution or elevation of privilege if exploited successfully.
Google strongly recommends that Pixel users apply the latest security updates promptly to protect their devices from potential attacks. Users can check for updates by navigating to Settings > Security & privacy > System & updates > Security update and tapping “Install” if an update is available.
Broader Impact and Recommendations
While the active exploitation of CVE-2024-32896 appears to be limited and targeted at the moment, the disclosure of this zero-day vulnerability highlights the importance of regular software updates and security best practices.
Users of Pixel and other Android devices should keep their devices up to date with the latest security patches. It is also recommended to enable automatic updates, if available, to receive security fixes promptly.
Additionally, users should exercise caution when opening emails, messages, or links from untrusted sources, as these could be vectors for delivering malicious payloads that exploit vulnerabilities like CVE-2024-32896.
If you suspect your device may have been compromised, consider performing a factory reset and restoring from a secure backup. Users can also consult Google’s support resources or seek professional assistance for further guidance.
The active exploitation of the CVE-2024-32896 zero-day vulnerability in Pixel devices underscores the importance of prompt patching and security awareness. Google’s swift response in releasing security updates is commendable, but users must play their part by applying these updates and following security best practices to protect their devices and data.