The Pixel Update Bulletin details security vulnerabilities and functional improvements for supported devices.
Updating to the April 2024 security patch level (2024-04-05 or later) addresses all these issues and those included in the April 2024 Android Security Bulletin.
The device’s security patch level can be checked through the “Check and update your Android version” option. In contrast, Google strongly recommends installing this update on all supported Pixel devices to maintain security and improve functionality.
Google released an update addressing security vulnerabilities on Pixel devices. The update patches two critical vulnerabilities (CVE-2024-29745 and CVE-2024-29748) that might be under limited, targeted attacks.
CVE-2024-29745 is an information disclosure vulnerability in the bootloader. This program loads the operating system, while CVE-2024-29748 is a privilege escalation vulnerability in the Pixel firmware, potentially allowing attackers to gain more control over the device.
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .
It is recommended that all Pixel users update their devices to the latest security patch (April 5, 2024, or later) to mitigate these vulnerabilities.
Android publishes security patches to address vulnerabilities in the Android Open Source Project (AOSP). These patches are grouped by the component they impact and described in detail.
Each patch includes a table that includes the Common Vulnerabilities and Exposures (CVE) identifier, links to relevant references, the type of vulnerability, its severity level, and which versions of AOSP are updated (if applicable).
When available, the public code change that fixes the vulnerability is linked to the bug ID, and if there are multiple code changes associated with a single bug, there are links to additional references following the bug ID.
According to the Pixel Update Bulletin for April 2024, Google Pixel devices are vulnerable to multiple security exploits.
The most critical vulnerability (CVE-2024-29740) resides in the ACPM (Advanced Configuration and Power Management) component and could potentially allow attackers to compromise the device ultimately.
Other high-severity vulnerabilities affect the S2MPU (Sensor Management Processing Unit), Pixel firmware, Companion app, and other ACPM components.
Google has released security patches addressing these vulnerabilities in the April 5th security patch level update, in which it is recommended that all Pixel users update their devices to the latest security patch level as soon as possible.
The Android Security Team acknowledges several researchers who identified and reported vulnerabilities (CVEs) in Qualcomm components that affect various Qualcomm subcomponents and have varying severity levels.
The report highlights researchers like Alena Skliarova (CVE-2024-0026, etc.), CheolJun Park (CVE-2023-32890, etc.), and Daniel Micay (CVE-2024-29745, etc.) for their contributions and also details vulnerabilities discovered by Google employees like Martijn Bogaard (CVE-2024-27231, etc.) and Mostafa Saleh (CVE-2024-29741).
Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide