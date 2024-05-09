



Pixel users are being warned to update their devices as soon as the latest software is downloaded to their phones in the coming days. This new update provides important fixes and also addresses April's nasty surprise…

New update issues warning to millions of Pixel users

There was also a surprising report that the April Pixel update was a mess… [and] Although it didn't reach all eligible Pixel phones, it's critical that the May rollout runs smoothly and that all Pixel users apply it as soon as it's available. You may also have noticed that Google has secretly issued his second April update. That's why it's even more important to make sure your device is up to date.

Chances are, you've already installed the April update, as it patches two vulnerabilities that Google has warned may have limited and targeted exploitation. You should specifically make sure that you have the latest updates.

Learn more about your device's update schedule and how to check if new software is installed. Mays Pixel updates can be found here. This includes the expected software build number.

This month's critical security fix impacts the device changelog and could potentially lead to local elevation of privilege without requiring additional execution privileges. This means that an attacker would need to gain access to the device alone and disable platform and service mitigations, but such vulnerabilities are often part of a more sophisticated chained attack. This can be exploited as a security threat, amplifying the threat.

In addition to Android software fixes, this update also addresses issues with hardware components on Qualcomm, Arm, and MediaTek devices. All of these are high severity, but the severity has decreased again since April, when Qualcomm's critical vulnerabilities were confirmed to have been resolved, making them even more alarming. Still, don't think about the Samsung users who saw security patch delays for their Qualcomm modems.

This month's high-severity Pixel fixes are also primarily local privilege escalation vulnerabilities that affect the Android framework and core system services themselves used by apps through APIs. Again, on its own it's relatively contained, but when combined with other weaknesses the threat level can change.

All Pixel owners should ensure that Google Play Protect is enabled on their devices and that apps are only installed from the Play Store. As long as such updates are applied as soon as they become available, this will go a long way in ensuring you stay safe from known issues.

This is especially important given recent Android security alerts such as Brokewell and Microsoft's Dirty Stream report.

In addition to security fixes, the Mays Pixel update includes general improvements to Bluetooth LE audio stability or performance and fixes for camera performance under certain conditions when recording video.

Overall, May's update is a much more benign update than last month's, which patched vulnerabilities that are being actively exploited by forensic software vendors around the world. And expect even more next month, with a more substantial quarterly update planned.

This update won't get much buzz, especially in contrast to the more exciting news about Google's latest AI-centric product, the Pixel 8a. From a security perspective, it will be particularly interesting to see how this plays out with Samsung's hybrid AI, which is currently expanding its reach.

Privacy and security in AI is still very new and poorly understood at this point. But things change when you start to really see the impact of on-device versus off-device processing.

Unsurprisingly, Google's latest smartphone launch coincides with the Google Tensor G3 chip, the fastest and most secure chip ever in the Pixel 8 and 8 Pro. It also works with the certified Titan M2 security chip and built-in VPN for added protection and includes new standard his 7 year software updates.

Security and privacy will be differentiators for this next generation of devices, and while Apple will be competing primarily against Samsung in the premium market, it's clear that Google will be doing the same as well.

