The Pixel Recorder app gets smarter and faster with a new shortcut and other improvements

andreasc
-
0
The Pixel Recorder app gets smarter and faster with a new shortcut and other improvements
[ad_1]

Image credit — Google

Google’s Pixel Recorder app, known for its transcription capabilities, has received a significant boost in functionality with the June Feature Drop. Alongside enhancements to the Summarize feature, a new app shortcut has been added for even quicker access.

As spotted by 9to5Google, Pixel users can now create a shortcut on their home screens to instantly start a new recording. The shortcut appears as a red circle on a white background, similar to the floating action button (FAB) within the app. This update not only offers a more convenient way to start recordings but also brings it on par with the Quick Settings Tile functionality.

The Pixel Recorder app gets smarter and faster with a new shortcut and other improvements

Image credit — 9to5Google

This June update isn’t just about convenience, though, as it also extends the Summarize feature to the Pixel 8 and Pixel 8a, which was previously exclusive to the Pixel 8 Pro. By enabling the Gemini Nano model in Developer options, users of these devices can now benefit from automatically generated summaries of their recordings. What’s more, these summaries are now capable of identifying and labeling speakers within the conversation, enhancing their accuracy and usefulness.The Summarize feature’s speaker identification works in conjunction with the manual Speaker Labels that users can set. This means you can either let the app automatically detect and label speakers, or take control and assign labels yourself for greater precision.

The updated Pixel Recorder app, version 4.2.20240502.639621645, is currently rolling out to Pixel users through the Play Store. This update is a noteworthy advancement as it comes ahead of Apple’s introduction of live audio transcription in Notes and Voice Memos with iOS 18.

In terms of features, the June Feature Drop for Pixel Recorder brings a host of improvements. Whether it’s the added convenience of a home screen shortcut, the expanded availability of the Summarize feature, or the enhanced speaker identification within summaries, Pixel users now have an even more powerful tool for recording and transcribing their conversations.


[ad_2]
Source link

Microsoft Window Ntqueryinformationtoken Flaw Escalate Privilege

andreasc
-
0
Microsoft Window Ntqueryinformationtoken Flaw Escalate Privilege
[ad_1]

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088.

With a CVSS score of 8.8, this flaw affects Microsoft Windows and allows local attackers to escalate their privileges on affected installations.

The vulnerability resides in the implementation of the NtQueryInformationToken function within Microsoft Windows.

This function is responsible for querying information about a token, which is a critical component in the Windows security model.

The specific issue arises from the lack of proper locking mechanisms when performing operations on an object.

An attacker can exploit this oversight to escalate privileges and execute arbitrary code in the context of the SYSTEM account, which has the highest privileges on a Windows system.

Free Webinar on API vulnerability scanning for OWASP API Top 10 vulnerabilities -> Book Your Spot.

According to the Zero Day Initiative reports, to exploit this vulnerability, an attacker must first gain the ability to execute low-privileged code on the target system.

This could be achieved through various means, such as phishing attacks, exploiting other vulnerabilities, or leveraging social engineering techniques.

Once the attacker has a foothold on the system, they can exploit the NtQueryInformationToken flaw to elevate their privileges, potentially gaining full control over the affected system.

The impact of this vulnerability is significant, as it compromises the security of the entire system.

With SYSTEM-level privileges, an attacker can install malicious software, exfiltrate sensitive data, and disrupt system operations.

The high CVSS score of 8.8 reflects the severity of this vulnerability, highlighting the need for immediate attention and remediation.

Microsoft’s Response

Microsoft has responded promptly to this vulnerability by issuing a security update that addresses the flaw.

The update corrects the improper locking mechanism in the NtQueryInformationToken function, preventing attackers from exploiting the vulnerability to escalate privileges.

Users and administrators are strongly advised to apply this update as soon as possible to protect their systems from attacks.

The timeline for the disclosure of CVE-2024-30088 is as follows:

  • 2024-03-28: Vulnerability reported to Microsoft by Emma Kirkpatrick.
  • 2024-06-12: Coordinated public release of the advisory by Microsoft.

This timeline demonstrates a coordinated effort between the researcher and Microsoft to ensure that the vulnerability was addressed and communicated to the public promptly.

The discovery of CVE-2024-30088 underscores the importance of continuous security research and prompt response from software vendors.

This critical vulnerability in Microsoft Windows could have severe consequences if left unpatched.

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free


[ad_2]
Source link

Beware WARMCOOKIE Backdoor Knocking Your Inbox

andreasc
-
0
Beware WARMCOOKIE Backdoor Knocking Your Inbox
[ad_1]

WARMCOOKIE is a new Windows backdoor that is deployed by a phishing effort with a recruiting theme dubbed REF6127.

The WARMCOOKIE backdoor can be used to take screenshots of the target computer, deliver additional payloads, and fingerprint a system.

“This malware represents a formidable threat that provides the capability to access target environments and push additional types of malware down to victims”, Elastic Security Labs shared with Cyber Security News.

WARMCOOKIE Execution Flow

Researchers have been observing phishing efforts that use lures associated with recruitment firms since late April 2024.

Free Webinar on API vulnerability scanning for OWASP API Top 10 vulnerabilities -> Book Your Spot.

By addressing recipients by name and their present employer, these emails enticed them to look for new employment by clicking on a link that would take them to an internal system where they could read a job description.

Phishing email – Subject: “We’re Interested”

After clicking, users are taken to a landing page that appears to be an authentic website that was created only for them. 

There, they must complete a CAPTCHA test to download a document. The landing pages, which mention a new variation of URSNIF, are similar to earlier campaigns that Google Cloud’s security team has identified.

WARMCOOKIE attack flow

When the CAPTCHA is solved, an obfuscated JavaScript file is downloaded from the page. This obfuscated script launches PowerShell, initiating the initial task to load WARMCOOKIE.

The PowerShell script uses the Background Intelligent Transfer Service (BITS) to download WARMCOOKIE and launch the DLL. 

Researchers note that 45.9.74[.]135 is the IP address where the threat actor continuously and swiftly creates new landing pages.

The actor made an effort to target several hiring agencies while combining industry-related keywords.

Domains associated with 45.9.74[.]135

The backdoor gathers the following values before sending its first outgoing network request, and they are used to identify and fingerprint the target system.

  • Volume serial number
  • DNS domain of the victim machine
  • Computer name
  • Username

In particular, the malware that can take screenshots from victims’ computers offers a variety of harmful possibilities, like making use of private data that is visible on the screen or keeping a close eye on the victim’s computer. 

Screen capture

According to analysts, threat actors create new infrastructure and domains every week to support these campaigns.

“While there is room for improvement on the malware development side, we believe these minor issues will be addressed over time,” researchers conclude.

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free


[ad_2]
Source link

Jabra is leaving the consumer headphone market

andreasc
-
0
Jabra is leaving the consumer headphone market
[ad_1]

Jabra is a pretty popular brand producing headphones, earbuds, and other audio equipment. It manufactures a wide range of products spanning different markets, and that makes it a brand for the average man. However, according to a new report, Jabra is leaving the consumer headphone market.

This decision wasn’t Jabra’s, as it came from its parent company GN. It was pretty surprising news because Jabra announced some new earbuds on the same day as the news that it was leaving the consumer market. The earbuds in question are the new Elite 10 (2nd-gen) and Elite 8 (2nd-gen). These are the next iterations of the earbuds released back in August 2023.

As you can guess, they bring improvements in audio quality, hardware, and usability. The new Elite 10 and Elite 8 cost $280 and $230, respectively.

Jabra is leaving the consumer headphone market

The consumer market is important for many businesses to thrive. It’s the bread and butter of several of our favorite companies. However, there are brands that can sustain with the income from a more premium market. This might be what Jabra is being steered toward.

The CEO of GN, Peter Karlstromer, issued a statement on why the company made this decision. He said that it’s “part of our commitment to focus on attractive markets where we can deliver profitable growth and strong returns.” Plain and simple, Jabra is being steered to a market that will bring better profits. We respect the lack of PR speak and sugar-coating in this straightforward statement.

So, with this shake-up, Jabra will be giving a few product series the boot. These are the Elite series and the Talk series. The Talk devices are the mono Bluetooth headsets that go in one ear. While Jabra is discontinuing these series of products, the company said that it will still support them for several years. So, you’ll still be able to get firmware updates for the products and probably additional features.

As the year goes on, the company is going to be getting rid of its stock of products, so you’ll see availability shrink. As its stock of affordable devices dwindles, you’ll see more of its premium devices hitting the shelves. Jabra will be in closer competition with companies like Apple, Bose, and Sony.a


[ad_2]
Source link

Spotify Jams could soon get a chat feature

andreasc
-
0
Spotify Jams could soon get a chat feature
[ad_1]

Image credit: Spotify

Spotify, the popular music streaming service, might be adding a new feature to its Jam sessions. A recent breakdown of the Spotify app code, known as an APK teardown, revealed a hidden “Chats” feature with the codename “campfire.” This discovery suggests that Spotify may be working on adding a chat function to Jam sessions, allowing friends to have conversations while listening to music together.Spotify Jam is a feature that allows premium subscribers to create a shared playlist with friends. Whether in person or virtually, friends can listen to and add songs to the queue together. However, it currently lacks an in-app chat function, forcing users to switch to other apps to communicate. This upcoming addition of a chat feature would address this issue and enhance the social aspect of Jam sessions.While the code for this chat feature appears to be a work in progress, its presence hints that Spotify is actively developing it. Based on the limited code found, it seems that this feature is specifically designed for group conversations within Jam sessions. Although not yet confirmed, it’s possible that Spotify is already internally testing the feature.
Video Thumbnail

The ability to chat directly within the Spotify app during Jam sessions would be a welcome addition for users, particularly during virtual sessions where face-to-face communication isn’t possible. It would eliminate the need to switch between apps to message friends and create a more seamless and integrated social experience.

It’s important to note that APK teardowns offer a glimpse into potential future features, but they don’t guarantee that these features will be officially released. However, this discovery does indicate that Spotify is exploring ways to enhance the social aspect of its platform and make Jam sessions more interactive and engaging for users.

As Spotify continues to refine and develop this chat feature, it will be interesting to see how it integrates with Jam sessions and what additional functionalities it might offer. We’ll definitely be keeping an eye out for further updates on this potential addition to Spotify’s features.

[ad_2]
Source link

0day Vulnerability In 10,000 Web Apps Exploited Using XSS Payloads

andreasc
-
0
0day Vulnerability In 10,000 Web Apps Exploited Using XSS Payloads
[ad_1]

A significant vulnerability, tracked as CVE-2024-37629, has been discovered in SummerNote 0.8.18. It allows Cross-Site Scripting (XSS) via the Code View Function.

Summernote is a JavaScript library that helps you create WYSIWYG editors online.

An attacker can insert harmful executable scripts into the code of a trustworthy application or website through a technique known as cross-site scripting (XSS).

An XSS attack is often initiated by an attacker tempting a user to click on a malicious link that they deliver to them.

According to security researcher Sergio Medeiros, 10,000 Web apps have a 0-day vulnerability that may be exploited with a simple XSS payload.

Finding XSS Vulnerability In The Editor

Given the prior vulnerabilities linked to other editors like CKEditor and TinyMCE, which are known to have comparable XSS concerns, the security researcher chose to investigate the WYSIWYG Editor itself.

Free Webinar on API vulnerability scanning for OWASP API Top 10 vulnerabilities -> Book Your Spot.

This led to the SummerNote website, allowing users to see their WYSIWYG editor’s features directly on the home page.

They also included a URL to the GitHub repository, which could be used to examine the codebase. 

Users can style their input with HTML components while testing the editor’s Code View function.

The researcher chose to provide the following XSS payload to observe how the WYSIWYG editor handled “malicious” input:

This image has an empty alt attribute; its file name is Capture%20(1).webp
Testing the Code View Function

“After I set my payload, I clicked on the </> button to disable the Code View functionality to see if the editor processed and executed my payload.

To my surprise, I received an alert box confirming that the XSS payload and vector were valid!” the researcher said.

This image has an empty alt attribute; its file name is Capture%20(2).webp
Alert box confirming the XSS payload

Because the Code View function isn’t sanitized, it was possible to inject malicious XSS payloads to execute malicious JavaScript code once they reached the DOM.

According to this analysis, over 10,000 web-based applications employ this WYSIWYG editor. 

Because the Summernote editor manages user input formatting, some users are constantly susceptible to systemic, persistent XSS issues within the web application.

Thus, this ought to inform aspiring hackers that sometimes it’s better to keep things simple regarding “payload creation and exploitation.”

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free


[ad_2]
Source link

HONOR Magic V Flip announced as the company’s first clamshell foldable

andreasc
-
0
HONOR Magic V Flip announced as the company’s first clamshell foldable
[ad_1]

The HONOR Magic V Flip is now official after months of rumors and leaks. The device was announced in China, and this is the company’s very first clamshell foldable. HONOR has great foldable under its belt already, but they did not have a flip phone… until now.

The HONOR Magic V Flip is the company’s first flip phone

As you can see in the provided images, the HONOR Magic V Flip has a large cover screen. In fact, HONOR says that it has the largest cover screen around. It is larger than the one on the Galaxy Z Flip 5 and Motorola Razr 40 Ultra.

The phone’s main cameras are placed inside that display, basically, while the main (foldable) display has a display camera hole in it. Speaking of which, the cover display measures 4 inches (1092 x 1200) in diagonal, while the main display measures 6.8 inches (2520 x 1080).

It has two OLED panels, and the Snapdragon 8+ Gen 1 SoC

The main display on the HONOR Magic V Flip is actually quite great. It’s an LTPO 8T+ display, and it offers an adaptive refresh rate from 0.1Hz to 120Hz, as needed. This display also has a 405 PPI, and a 2,160Hz PWM to go easy on your eyes. It also has a peak brightness of 3,000 nits. Both are OLED panels, by the way.

The Snapdragon 8+ Gen 1 fuels the HONOR Magic V Flip. That is quite a surprise, as we’ve expected at least the Snapdragon 8 Gen 2 to be included. The Snapdragon 8+ Gen 1 is still a powerful chip, and it’s capable of running phones without a hitch, though so… there you go. It also allowed HONOR to keep the price tag down.

The phone offers 12GB of RAM and comes in three storage options. Users in China can choose between 256GB, 512GB, and 1TB storage variants of this phone. A 4,800mAh battery is also a part of the package, and it supports 66W charging. Android 14 comes pre-installed, with MagicOS 8.0 on top of it. There are also two SIM card slots inside the device. Bluetooth 5.3 is supported. The fingerprint scanner sits inside the power/lock button on the right side.

Two main cameras are included, while the phone comes in three colors and a ‘Special Edition’

A 50-megapixel main camera (f/1.9 aperture, OIS, EIS) is included on the back, along with a 12-megapixel ultrawide unit (f/2.2 aperture). There is also a camera on the main display, a 50–megapixel unit (Sony’s IMX816 sensor, f/2.0 aperture).

HONOR announced the phone in three color options, Camilla White, Champagne Pink, and Iris Black. The HONOR Magic V Flip measures 1673. x 75.6 x 7.15mm when unfolded. When folded, it measures 86.5 x 75.6 x 14.89mm. The device weighs 193 grams.

The pricing in China starts at CNY4,999 ($689), while it goes up to CNY5,999 ($827) for the ‘normal’ version. The ‘Special Edition’ will set you back CNY6,999 ($965), and it comes with 16GB of RAM and 1TB of storage. What’s the difference between them? Well, the ‘Special Edition’ was actually made in collaboration with Jimmy Choo, a fashion icon. It has a different design, basically. You can see both variants below.

HONOR Magic V Flip Special Edition Jimmy Choo official image 1


[ad_2]
Source link

Should you upgrade to iPhone 15 Pro and later just for Apple Intelligence? Maybe not for now

andreasc
-
0
Should you upgrade to iPhone 15 Pro and later just for Apple Intelligence? Maybe not for now
[ad_1]

iPhone 15 Pro | Image credit – PhoneArena

Just a few days back, Apple officially joined the AI club and announced its so-called Apple Intelligence, a suite of AI features set to debut on select devices with the official release of iOS 18 later this fall.

However, the tech giant clarified that Apple Intelligence will only be available on the latest iPhone 15 Pro models and newer, as well as iPads and MacBooks powered by the M1 chip or later. This got me thinking: Would I upgrade to the current Pro models or the upcoming iPhone 16 series just for Apple Intelligence? My answer is no, and here is why.

Not giving up my iPhone 13 mini yet


So, here is the thing. As intrigued as I am by Apple’s latest AI features, they just don’t justify spending $1000+ on a new Pro model for me. My current iPhone 13 mini, while it may be considered older now, still gets the job done. Plus, its compact form factor is something I find irreplaceable, especially in a market where smaller phones are increasingly rare.

But setting aside size, Apple Intelligence just doesn’t impress me all that much, at least not yet. While the features Apple unveiled are useful in certain scenarios, I personally prefer taking matters into my own hands rather than relying on AI, especially when it involves private conversations and a big part of the new AI features are related to new writing tools in basically anywhere where there is a cursor, such as Mail and the Messages app.I mean, where is the fun in chatting with your girlfriend if AI is suggesting responses to her witty questions? And what about AI summarizing lengthy messages, making it easier to catch up on conversations? How would I then know what John joked about and why our group trip is going south?

Plus, statistics indicate that 52% of consumers have doubts about AI’s ability to protect private information, so features like that might not be widely adopted. There are simply aspects of life where AI has no place despite its rapid development. As the wise girls from the Spice Girls once said:

Stop right now, thank you very much 

I need somebody with a human touch

Apple also unveiled a new AI-powered feature that allows users to remove unwanted objects from their images. It is cool, although not groundbreaking since Google and Samsung already have similar tools like Magic Eraser and Object Eraser. But is this feature alone worth an upgrade?

Apple’s new Clean Up tool | Image credit – Apple

There are plenty of online platforms offering the same solution, and if you really need to remove someone or something from a photo, you can still do it — just with a few extra clicks, but the job gets done.

The one thing that can make me consider an upgrade at the moment is Siri


The updated Siri sounds significantly improved compared to the current version. Apple has revamped Siri using large language models to make it smarter and more responsive to user queries. The new Siri can now perform actions within Apple’s own apps, greatly enhancing its capabilities.Imagine telling Siri to open a document, move a file, delete an email, edit a photo, or provide a quick summary of your notifications and articles. That is the level of convenience Apple is introducing with the updated Siri.

However, as impressive as these updates are, they are not compelling enough for me to upgrade sooner than planned. Plus, in my case, I will have the opportunity to experience Apple Intelligence on my MacBook, so upgrading just doesn’t make sense for me, and probably for many of you too — especially if you already own an iPhone 13,  iPhone 14 series, or the basic models of the iPhone 15 series.

Why only the Pro models?


To be honest, it feels like a bit of a jerk move from Apple to release Apple Intelligence exclusively for its latest Pro models. The iPhone 15 series launched less than a year ago, and I am sure many customers who purchased the basic models were caught off guard.

Rumors suggest that DRAM (dynamic random-access memory) is the reason why AI will be available on the iPhone 15 Pro models and beyond. The iPhone 15 and iPhone 15 Plus have 6GB of DRAM, which is less than the 8GB found on the A17 Pro powering the iPhone 15 Pro and iPhone 15 Pro Max. Allegedly, Apple Intelligence’s on-device AI LLM (large language model) requires about 2GB or less of DRAM.

And you might wonder why Apple didn’t give the basic models 8GB of RAM, as well. I mean, flagship Android phones are slowly moving towards 12GB of RAM as the standard. I wonder about that, too, but I will save that topic for another time.

Right now, Apple says most Apple Intelligence features work directly on your iPhone, keeping your data secure because it stays local. But for more complex tasks or those that go beyond what your iPhone can handle, Apple uses larger server-based models on its own servers built with Apple silicon, called Private Cloud Compute.

Another way to handle complex tasks is through ChatGPT. Apple teamed up with OpenAI, so your iPhone might suggest using the chatbot for tasks ChatGPT is good at. You can say no if you want. Apple’s big on privacy for ChatGPT users: their IP addresses stay hidden, and OpenAI doesn’t store their requests.

Your iPhone will ask you whether you want to use ChatGPT or not | Image credit – Apple

When Apple eventually reveals more details about its AI, likely in September during the iPhone 16 series unveiling, I hope the company will also expand compatibility for its Apple Intelligence, even if not on-device.

This could be a great solution for iPhone owners who still want to try the AI features but aren’t ready or able to upgrade yet or don’t mind their data going to a cloud. You know, offering someone a sneak peek is one of the best ways to convince them to buy it later on.


[ad_2]
Source link

Hackers Exploiting MS Office Editor Vulnerability Deploy Keylogger

andreasc
-
0
Hackers Exploiting MS Office Editor Vulnerability Deploy Keylogger
[ad_1]

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.

The group has been exploiting a known vulnerability (CVE-2017-11882) in the Microsoft Office equation editor (EQNEDT32.EXE) to distribute a keylogger, posing significant user risks worldwide.

The vulnerability in question, CVE-2017-11882, resides in the equation editor component of Microsoft Office.

This flaw allows attackers to execute arbitrary code by exploiting the equation editor, often embedded in Office documents.

According to the AhnLab Security Intelligence Center (ASEC) reports, despite being an old vulnerability, it remains a potent tool for cybercriminals due to its high success rate in executing malicious scripts.

The Kimsuky group has been leveraging this vulnerability to run a page with an embedded malicious script using the mshta process.

Free Webinar on API vulnerability scanning for OWASP API Top 10 vulnerabilities -> Book Your Spot.

The attack begins when a user opens a compromised Office document, triggering the equation editor to execute mshta.exe.

mshta.exe executed via the equation editor program (EQNEDT32.exe)
mshta.exe executed via the equation editor program (EQNEDT32.exe)

The Malicious Script

The mshta process connects to a page named error.php, which deceptively displays a “Not Found” message to the user, masking the execution of the malicious script.

The C2 server screen (mshta.exe)
The C2 server screen (mshta.exe)

The content of error.php, reveals the script’s major behaviors, including downloading additional malware via a PowerShell command, creating a file named desktop.ini.bak under the Users\Public\Pictures path, and attempting to register this file in the Run key under HKLM with the name “Clear Web History.”

However, due to an error in the script, this registration fails initially.

Content of the malicious script (error.php)
Content of the malicious script (error.php)

The Keylogger Deployment

Upon correcting the script for replication purposes, the desktop.ini.bak file is successfully created and registered.

This file is crucial for the keylogger’s operation.

Registration to the autorun registry
Registration to the autorun registry

The first downloaded malware, a PowerShell script, collects system and IP information and sends it to the C2 server.

It also can download and execute a keylogger from the C2.

The keylogger script creates the desktop.ini.bak file in the Users\Public\Music path to record users’ keystrokes and clipboard data.

It uses a mutex value “Global\AlreadyRunning19122345” to prevent duplicate instances.

The collected data is periodically sent to the C2 server, deleted, and recreated, ensuring continuous data exfiltration.

The Kimsuky group’s persistent exploitation of CVE-2017-11882 underscores the importance of patching vulnerabilities promptly.

Users must ensure their software is updated to the latest versions and avoid using software that has reached the end of service (EOS).

It is also crucial to refrain from opening suspicious document files and keep security solutions, such as V3, updated to prevent malware infections.

Implementing endpoint security products and sandbox-based APT solutions like MDS can significantly mitigate the risks of such cyberattacks.

IOC

MD5s

  • 279c86f3796d14d2a4d89049c2b3fa2d
  • 5bfeef520eb1e62ea2ef313bb979aeae
  • d404ab9c8722fc97cceb95f258a2e70d

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free


[ad_2]
Source link

Update now! Google Pixel vulnerability is under active exploitation

andreasc
-
0
Update now! Google Pixel vulnerability is under active exploitation
[ad_1]

Google has notified Pixel users about an actively exploited vulnerability in their phones’ firmware.

Firmware is the code or program which is embedded into hardware devices. Simply put, it is the software layer between the hardware and the applications on the device.

About the vulnerability, Google said there are indications it may be:

“under limited, targeted exploitation.”

This could mean that the discovered attacks were very targeted, for example by state-sponsored actors or industry-grade spyware. However, it’s still a good idea to get these patches as soon as you can. And whether you have a Pixel or not, all Android users should make sure they’re using the latest version available, because the June 2024 security update addresses a total of 50 security vulnerabilities.

Updates to address this issue are available for supported Pixel devices, such as Pixel 5a with 5G, Pixel 6a, Pixel 6, Pixel 6 Pro, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel 8, Pixel 8 Pro, Pixel 8a, and Pixel Fold.

For these Google devices, security patch levels of 2024-06-05 or later address this issue. You can find your device’s Android version number, security update level, and Google Play system level in your Settings app.

You should get notifications when updates are available for you, but it’s not a bad idea to manually check for updates. For most phones it works like this: Under About phone or About device you can tap on Software updates to check if there are new updates available for your device, although there may be slight differences based on the brand, type, and Android version of your device.

Technical details

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVE for this vulnerability is:

CVE-2024-32896: an elevation of privilege (EoP) issue in Pixel firmware.

An elevation of privilege vulnerability occurs when an application gains permissions or privileges that should not be available to them. This can be a key element in an attack chain when a cybercriminal wants to move forward from initial access to a device to a full compromise.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.


[ad_2]
Source link
1...114115116...1,452Page 115 of 1,452