Google has released its June 2024 security update package for supported Pixel smartphones, effectively mitigating over 50 vulnerabilities in the Android OS. More than half of these vulnerabilities present a high or critical threat level. Evidence suggests that criminals are already successfully exploiting one of these, which is categorized as ‘high risk’ rather than ‘critical’.
The vulnerability, tagged as CVE-2024-32896, is related to privilege escalation. Google has yet to reveal any details about it, in line with their usual practice of postponing information disclosure until the majority of users have updated their software — a strategy designed to mitigate any damage inflicted by hackers. Typically, vulnerabilities associated with privilege escalation enable cyber criminals to gain rights and permissions usually inaccessible through standard means. This allows them to install malicious software, steal confidential data, modify settings, and carry out other actions that make the system more susceptible to future attacks.
The update package deals with a range of vulnerabilities including those related to privilege escalation, remote code execution, and Denial of Service (DoS). Several system components are affected, including the fingerprint scanner, modem, audio module, and others. Some vulnerabilities concern Qualcomm components. Pixel device updates are released separately from updates for other Android smartphones, given that many features debut in Google’s own products. Currently, Google supports smartphones from the Pixel 4 line onwards.