Google has rolled out a massive Pixel security update alongside a warning that one of the patched vulnerabilities has already been exploited in the wild.

The zero-day is tagged as CVE-2024-32896 and described as an elevation of privilege issue in Pixel Firmware. The bug carries a high-severity rating.

Google did not share details of the zero-day beyond a single line in the Pixel security bulletin: “There are indications that CVE-2024-32896 may be under limited, targeted exploitation.”

The Pixel security bulletin documents at least 44 Pixel-specific vulnerabilities ranging in severity from critical to high to moderate risk. Google marked seven of the 44 bugs in the critical category.

“We encourage all customers to accept these updates to their devices,” Google said in an advisory that also flags serious vulnerabilities across various mobile device and OS subcomponents.

Read more at the link below.

Source: Securityweek.com