Attackers are actively taking advantage of a Pixel security flaw

If new features don’t entice you to download uploads, a security risk surely will. Yesterday, Google released new goodies for its supported smartphone phones in the form of the June Pixel feature drop, as well as the June 2024 security patch, and Android 14 QPR3 (Quarterly Platform Release). The security update fixes fifty bugs, seven of which are critical in severity. Many of the vulnerabilities have been identified as elevation of privilege (EoP) flaws. This vulnerability could give apps rights that should not be available to them and these illicit privileges could give bad actors access to sensitive data.

What’s alarming is that one of the bugs, CVE-2024-32896, which is high in severity and is related to Pixel firmware, is believed to be under exploitation, meaning cybercriminals are targeting it in real time to wreak havoc. It’s also an EoP flaw.

Other EoP flaws were found in Goodix, Mali, and modem subcomponents. Some flaws were also found in Qualcomm components, but they were deemed to be moderate.

Regardless, the new update will take care of all the vulnerabilities, no matter their severity.

Thankfully, the scale of exploitation is believed to be limited, but with Google openly announcing that it’s an exploitable flaw, we can expect more attackers to take advantage of it.

That’s why, Google has released the 2024-06-05 security patch and is asking users to update their devices right away. You can do that by navigating to System & updates in the Settings app.

Onto positive things, the feature drop brings Gemini Nano, Google’s most efficient AI model, to the Pixel 8 and 8a. All Pixel 8 series phones also got DisplayPort Alt Mode capabilities, meaning they can now enjoy their phone’s content on a larger screen. Also, the Find My Device feature will now work even when your phone is dead. Another interesting new feature is reverse phone number search for unknown numbers.