Google Fixes Critical RCE Vulnerabilities in December 2024 Pixel Security Update

### #PixelSecurityUpdate #RemoteCodeExecution #AndroidVulnerabilities

Summary: Google has released its December 2024 security update for Pixel devices, addressing 28 vulnerabilities, including two critical remote code execution flaws. Users are urged to update their devices to mitigate potential risks.

Threat Actor: Unknown
Victim: Pixel Device Users

Key Points:

  • Two critical RCE vulnerabilities (CVE-2024-39343 and CVE-2024-53842) could allow remote attackers to execute arbitrary code.
  • High-severity vulnerabilities include Elevation of Privilege flaws in eSIM, VPN, and FPS components.
  • The update is being rolled out in phases and spans multiple Android versions (12 through 15).
  • Google has not confirmed any active exploitation of these vulnerabilities in the wild.
  • Users can check for updates manually in the device settings.

Google has rolled out its December 2024 security update for Pixel devices, addressing a total of 28 vulnerabilities, including two critical remote code execution (RCE) flaws in the Cellular baseband subcomponent. The update is being rolled out in two parts, with the first addressing six security defects in the Framework and System components and the second tackling vulnerabilities in components from Imagination Technologies, MediaTek, and Qualcomm.

The two critical vulnerabilities (CVE-2024-39343 and CVE-2024-53842) reside in the Cellular baseband subcomponent and could allow remote attackers to execute arbitrary code on vulnerable devices.

In addition to the critical RCE flaws, the update also addresses several high-severity vulnerabilities, including:

  • Elevation of privilege (EoP) vulnerabilities in the eSIM (CVE-2024-8257), VPN (CVE-2024-11624), and FPS (CVE-2024-53835 & CVE-2024-53840) components.
  • A remote code execution flaw (CVE-2024-43767) in the System component that could be exploited without any additional execution privileges.

Fixes span multiple Android versions (12 through 15), with the updated source code available in the Android Open Source Project (AOSP) repository.

Google has not disclosed any information about these vulnerabilities being actively exploited in the wild. However, users are strongly encouraged to update their Pixel devices as soon as the security update becomes available to mitigate the risk of potential attacks.

The update is being rolled out in phases, so it may take some time to reach all devices. Users can manually check for updates by going to Settings > System > System update.

Source: https://securityonline.info/google-fixes-critical-rce-vulnerabilities-in-december-2024-pixel-security-update