Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day.
The substantial-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware.
The firm did not share any more facts similar to the character of attacks exploiting it, but pointed out “there are indications that CVE-2024-32896 may be below confined, targeted exploitation.”
The June 2024 security update addresses a full of 50 security vulnerabilities, 5 of which relate to a variety of factors in Qualcomm chipsets.
Some of the noteworthy issues patched consist of denial-of-provider (DoS) issue impacting Modem, and numerous data disclosure flaws influencing GsmSs, ACPM, and Trusty.
The updates are available for supported Pixel units, such as Pixel 5a with 5G, Pixel 6a, Pixel 6, Pixel 6 Pro, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel 8, Pixel 8 Pro, Pixel 8a, and Pixel Fold.
Before this April, Google settled two security flaws in the bootloader and firmware elements (CVE-2024-29745 and CVE-2024-29748) that had been weaponized by forensic businesses to steal sensitive knowledge.
Then previous week, Arm notified users of a memory-connected vulnerability (CVE-2024-4610) in Bifrost and Valhall GPU kernel drivers that has appear under active exploitation.
Discovered this posting exciting? Observe us on Twitter and LinkedIn to go through far more distinctive material we publish.
Some parts of this article are sourced from:
thehackernews.com