Dear Android users, it’s time for yet again another vital security update. Google has recently addressed multiple vulnerabilities in Android and Pixel devices, including some that were actively being exploited by malicious actors. Alrighty then.
In total, Google patched 28 Android vulnerabilities and 25 Pixel-specific flaws. Who would’ve thought that demand for rapid-pace software development brings security vulnerabilities.
Pixel-Specific Threats: Actively Exploited
Two critical vulnerabilities (CVE-2024-29745 and CVE-2024-29748) specifically affect Google Pixel devices:
- CVE-2024-29745: A high-severity flaw in the bootloader that could allow attackers to access sensitive information.
- CVE-2024-29748: A bug found in the firmware that could let attackers of your Pixel device. Google indicates these are being used in targeted attacks, a pattern seen with similar flaws exploited by state-backed groups. If you own a Pixel device, updating is absolutely essential.
Vulnerabilities Affecting All Android Devices
Google also patched numerous vulnerabilities in the core Android system. These fixes are included in:
- 2024-04-01 Security Patch Level: This patch addresses security high risks such as privilege escalation, information leaks, and potential denial-of-service attacks. The updates are necessary for all Android devices.
- 2024-04-05 Security Patch Level: Fixes vulnerabilities in components from MediaTek, Widevine, and Qualcomm. If your Android device uses these components, this update is also important.
Update, and stay safe!
Photo credit: TY Lim – Shutterstock