Google rolls out huge security update to Pixel phones, squashing 50 vulnerabilities

June 2024 has been a big month for Pixel smartphones. Not only did Gemini Nano roll out to the Pixel 8a, but Google also released a huge security update to multiple models. 

It addresses 50 vulnerabilities, ranging in severity from moderate to critical. One of the more insidious flaws is CVE-2024-32896, which Tom’s Guide states “is an elevation of privilege (EoP) vulnerability.” 

An EoP refers to a bug or design flaw that a bad actor can exploit to gain unfettered access to a smartphone’s resources. It’s a level of access that not even a Pixel owner normally has. Even though it’s not as severe as the others, CVE-2024-32896 did warrant an extra warning from Google on the patch’s Pixel Update Bulletin page, stating it “may be under limited, targeted exploitation.” 

In other words, it's likely bad actors are going to be targeting the flaw to infiltrate a Pixel phone, so it’s important that you install the patch.

Installing the fix

The rest of the patch affects other important components on the devices, such as the Pixel Firmware fingerprint sensor. It even fixes a handful of flaws in Qualcomm and Qualcomm closed-source components.

Google’s patch is ready to download for all supported Pixel phones, and you can find the full list of models on the tech giant’s Help website. They include but are not limited to the Pixel Fold, Pixel 7 series, and the Pixel 8 line.

To download the update, go to the Settings menu on your Pixel phone. Go to Security & Privacy, then to System & Updates. Scroll down to the Security Update and hit Install. Give your device enough time to install the patch and then restart your smartphone.

Existing on Android

It’s important to mention that the EoP vulnerability seems to exist on third-party Android hardware; however, a fix won’t come out for a while. As news site Bleeping Computer explains, the operating systems for Pixel and Android smartphones receive security updates at different times. The reason for this separate rollout is that third-party devices have their own “exclusive features and capabilities.” One comes out faster than the other.

Developers for GrapheneOS, a unique version of Android that is more focused on security, initially found the flaw in April. In a recent post on X (the platform formerly known as Twitter), the team said it believes non-Pixel phones probably won’t receive the patch until the launch of Android 15. If you don’t get the new operating system, the EoP bug probably won't get removed. The GrapheneOS devs claim the June update “has not been backported.”

Be sure to check out TechRadar’s list of the best Android antivirus apps for 2024 if you want even more protection. 


TechRadar – All the latest technology news


This malware tool is still successfully exploiting Internet Explorer vulnerabilities

The notorious exploit-as-a-service RIG Exploit Kit, targeting users of the positively ancient, vulnerability-ridden web browser Internet Explorer, is still going strong, experts have warned.

Per a report by security research firm Prodaft, installs of the kit are attempting around 2,000 intrusions a day, and succeeding 30% of the time, allowing it to spread infostealers and other forms of malware to users in over 207 countries.

Despite warnings about the rise of cybercrime-as-a-service in 2022’s Microsoft Digital Defence Report, and RIG being known to also distribute ransomware, millions of users (mostly in enterprise) just won’t stop using Windows Explorer, having apparently no regard for data privacy.

Update your browser, please God

Internet Explorer has been old news since around 2015, when the now Chromium-based Edge was put into development, and has been completely deprecated since August 2021.

And in February 2023, Microsoft announced that it’s finally getting around to scrubbing every last bit of it from existence, such an embarrassment it is in this day and age, and making you use Edge anyway (although you can still do a lot better).

We keep writing about it, and we keep getting emails from burgeoning violent criminals swearing at us over why we bother doling out security posture advice for businesses at all. (Hugs and kisses to all our readership, even if they’ve fled an institution. xox)

But, do you know what, we’re going to do it again: buy new laptops running Windows 11, and enjoy all the advancements in UI that have come on in the last 28 years, you wanton maniac.

And then maybe you won’t have to keep a straight face in front of IT when threat actors known only as “Bean Meme Gang” steal the private medical records of a million people, and we could write about something else.

Via BleepingComputer
