Google fixed critical security vulnerabilities in Pixel devices, including two actively exploited flaws. These vulnerabilities, identified by CVE-IDs CVE-2024-29745 and CVE-2024-29748, impacted the bootloader and firmware of Pixel phones, potentially allowing attackers to bypass PIN security and steal user data.
A total of 24 vulnerabilities were fixed across various Pixel and Qualcomm components, including elevation of privilege (EoP) and information disclosure issues.
Pixel phones receive regular software updates that include security enhancements, new features, operating system updates, bug fixes, and more.
The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2024-04-05 or later address all issues in this bulletin and all issues in the April 2024 Android Security Bulletin.
Impact of the Vulnerabilities (CVE Details):
- CVE-2024-29745 (High Severity): This vulnerability resided in the Pixel’s bootloader, a core component responsible for booting the phone. An attacker exploiting this flaw could potentially gain access to sensitive information stored on the device.
- CVE-2024-29748 (High Severity): This vulnerability existed within the Pixel’s firmware, the set of instructions that controls the hardware. Exploitation could grant an attacker elevated privileges, enabling them to bypass security measures and potentially compromise the entire device.
How to Update Your Pixel Phone?
Google has released a security update addressing these vulnerabilities. It’s crucial for Pixel users to install this update as soon as possible to mitigate the risks. Here’s how to update your Pixel phone:
- Go to Settings > System > System update.
- Tap “Check for update.”
- If an update is available, download and install it.
Additional Notes:
- These vulnerabilities were reportedly exploited with limited targeting, potentially by forensics firms. However, widespread exploitation is always a possibility.
- The update also addresses 24 other vulnerabilities in various Pixel components and additional flaws within the base Android system.
- It’s recommended to enable automatic updates whenever possible to ensure your Pixel receives the latest security patches.
- By installing the update promptly, Pixel users can significantly enhance their device’s security and protect their data from potential attacks.
