Update now! Google Pixel vulnerability is under active exploitation

13 June 2024 at 09:33

Google has notified Pixel users about an actively exploited vulnerability in their phones’ firmware.

Firmware is the code or program which is embedded into hardware devices. Simply put, it is the software layer between the hardware and the applications on the device.

About the vulnerability, Google said there are indications it may be:

“under limited, targeted exploitation.”

This could mean that the discovered attacks were very targeted, for example by state-sponsored actors or industry-grade spyware. However, it’s still a good idea to get these patches as soon as you can. And whether you have a Pixel or not, all Android users should make sure they’re using the latest version available, because the June 2024 security update addresses a total of 50 security vulnerabilities.

Updates to address this issue are available for supported Pixel devices, such as Pixel 5a with 5G, Pixel 6a, Pixel 6, Pixel 6 Pro, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel 8, Pixel 8 Pro, Pixel 8a, and Pixel Fold.

For these Google devices, security patch levels of 2024-06-05 or later address this issue. You can find your device’s Android version number, security update level, and Google Play system level in your Settings app.

You should get notifications when updates are available for you, but it’s not a bad idea to manually check for updates. For most phones it works like this: Under About phone or About device you can tap on Software updates to check if there are new updates available for your device, although there may be slight differences based on the brand, type, and Android version of your device.

Technical details

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVE for this vulnerability is:

CVE-2024-32896: an elevation of privilege (EoP) issue in Pixel firmware.

An elevation of privilege vulnerability occurs when an application gains permissions or privileges that should not be available to it. This can be a key element in an attack chain when a cybercriminal wants to move forward from initial access to a device to a full compromise.



Modder Discovered Kernel-Level Exploit in Xbox One Consoles

By: Alan J
10 June 2024 at 19:18


While the new-generation Xbox One consoles have been out for a while, until recently there weren't any softmods (software modifications to make a system behave differently) for users. That has seemingly changed, as an individual has revealed the existence of a Kernel-level exploit along with a limited proof of concept. The method uses an easily-available app called 'Game Script' present on the Microsoft store.

'Game Script' Xbox Console Kernel-Level Exploit

carrot_c4k3, the individual behind the discovery, disclosed on X that the exploit, which is not a jailbreak, works against the System OS software that exists on newer Xbox consoles such as the Xbox One. System OS exists to enable developers to run a wide variety of applications on these consoles through the use of virtualization technology. Applications downloaded from the Microsoft Store run on this layer. Xbox users can typically gain access to this environment by enabling developer mode on their consoles.

However, carrot_c4k3 stated that while the exploit allows full control over vm homebrews on retail Xbox, it did not enable the use of pirated software. The method currently relies on the Game Script UWA application available on the Microsoft Store, which allows users to run and execute custom languages on the devices. The exploit consists of two components:
  1. User mode: Initial steps where the user gains native code execution in the context of UWP (Microsoft Store) applications.
  2. Kernel exploit: In this step the user exploits a Kernel vulnerability on these devices to gain full read/write permissions, which would then enable them to elevate the privileges of a particular running process.

The proof of concept exploit shared on GitHub is currently limited to the context of UWP apps, which are more 'locked down.' However, carrot_c4k3 shared their intent to release another exploit for Xbox one/X series consoles by next month that would allow for full Kernel-level access over read/write permissions within the System OS environment. The full exploit is stated to rely on leaks within the 'NtQuerySystemInformation' component, which are not available on UWP apps. Hence, the user is developing an alternative exploit that does not rely on UWP apps.

The exploit allows users to bypass the fees required to enable the developer mode on Xbox consoles, and grants them the ability to modify game save data on the devices, but does not allow for the modding of the actual games themselves. The modder also discussed the possibility of using the exploit to allow the usage of 'simple emulators' meant to emulate games intended for older devices. carrot_c4k3 admitted that the exploit could potentially be detected by Microsoft, and recommended performing it on a dedicated offline console instead.

Exploit Might Have Been Patched In Newer Xbox Firmware Versions

A set of steps to be performed for the hack was shared on the Xbox One Research GitHub page:
  • Ensure your Xbox Live account Login-Type is configured as “No barriers” aka. auto-login with no password prompt
  • Set your console as “Home Console” for this account
  • Download the App Game Script
  • Start the app (to ensure license is downloaded/cached)
  • Take your console offline! To make extra sure it cannot reach the internet, set a manual primary DNS address of 127.0.0.1
  • Get a device/microcontroller that can simulate a Keyboard (rubber ducky or similar) - otherwise you have to type a lot manually :D

The page states that the exploit is "likely to be patched soon (in next System Update)." A thread on GBAtemp.net, a forum for discussing various video game platforms, stated that the latest firmware update for the Xbox One console has reportedly already patched the exploit, making the firmware 10.0.25398.4478 the last exploitable version. While the full consequences of this exploit and the one that will be shared are unknown, it highlights the interest that console players have in bypassing manufacturer-intended device limits.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

IoT Security Means Remediation Not Mitigation

5 June 2024 at 22:09

A topic that I recently got asked about was vulnerability mitigation for IoT systems, which shows that even within the security community there is still a belief that mitigation equals threat resolution. For IoT systems this simply does not work for many reasons, first among them is that these IoT, OT, or ICS systems performing […]

The post IoT Security Means Remediation Not Mitigation appeared first on Viakoo, Inc.

The post IoT Security Means Remediation Not Mitigation appeared first on Security Boulevard.
