Google says Pixel Phone owners should install the latest security update without delay. The newly released Pixel update bulletin in June 2024 includes several fixes and changes, including one for a dangerous security flaw. Unlike most bugs, this one appears to be actively exploited in the wild.
The new firmware for Pixel devices includes patches for several dozen vulnerabilities, many of them classified as moderate threats. However, some fall into the high and critical category, including CVE-2024-32896. Google reports that this is a high severity elevation of privilege (EoP) flaw in the Pixel firmware. With the right tools, an attacker can use them to gain access to permissions and features that they should not be able to access. The result may be data loss or the installation of tools that open the door to future hacks.
Google has not offered any additional details about the error. saying only that “it may be under limited and selective exploitation.” This is not unusual: companies often limit the amount of information provided in software vulnerabilities until most systems are patched.
The risk is even higher here, as people are already taking advantage of the flaw. The last thing Google wants is to promote the flaw to other nefarious hackers. Specifying that the exploit is a target suggests that only a small number of people outside of Google know about the flaw and are using it to pursue high-priority issues.
While many of the patches address issues with third-party components like the Goodix fingerprint sensor or Samsung's Exynos radio interface layer, that's not the case here. CVE-2024-32896 is a flaw in Google's Pixel software. So there is no one else to blame for this.
Credit: Ryan Whitwam
The update is starting to roll out and should appear on all eligible devices in the next day or two. Currently supported devices include all Pixel devices in the Pixel Series 6 forward. Older devices are no longer guaranteed security updates. Still, it looks like the OTA will be available for the Pixel 5a even though it's a few months past its support window.
So far, the Pixel phones we have have not received OTAs. If you don't want to wait for the new version to be deployed, you can download the version full system image or OTA update. Simply download the correct file from the Google developer site and install it using Recovery or with a computer and ADB over a cable.
