If youâre a Pixel user, then you have just been warned to update your device as soon as the latest software is downloaded to your phone over the next few days. This new update provides a critical fix, and also addresses Aprilâs nasty surprise…
With surprising reports that Aprilâs Pixel update âwas reportedly a mess… [and] didnât reach all the qualifying Pixel smartphones,â itâs critically important that Mayâs rollout runs smoothly and all Pixel users apply it as soon as itâs made available. You might also have noticed that Google quietly issued a second April update as well, so even more important that you ensure your device is up-to-date.
In all likelihood, Aprilâs update will have been installed by now, but because it patched two vulnerabilities that Google warned âmay be under limited, targeted exploitation,â you should specifically check that the latest update is applied.
You can find details on the update schedule for your device and how to check whether new software has been installed here. Mayâs Pixel update bulletin can be found here, and includes the software build numbers you should expect to see.
This monthâs critical security fix impacts the deviceâs change log, and could lead to âlocal escalation of privilege with no additional execution privileges needed.â While this means that in isolation an attacker would need access to your device, and for âplatform and service mitigationsâ to be disabled, such vulnerabilities can often be exploited as part of a more sophisticated chain attack, which expands the threat.
In addition to Android software fixes, the update also addresses issues with hardware components on devices, from Qualcomm, Arm and MediaTek. All of these are high-severity, but again a step-down from April when we saw a critical Qualcomm vulnerability addressed, which was more alarming. Even so, spare a thought for Samsung users who saw a delay in the Qualcomm modem security patch.
The high-severity Pixel fixes this month are also primarily local escalation of privileges vulnerabilities, impacting the Android Framework used by apps through APIs and the core system services themselves. Again, while relatively contained in isolation, when combined with other weaknesses the threat level can change.
All Pixel owners should ensure that Google Play Protect is enabled on their devices, and that apps are only installed from the Play Store. This will go a long way towards ensuring you remain safe from known issuesâas long as updates such as this one are applied as soon as theyâre made available.
This is especially important given recent Android security warnings, including Brokewell and Microsoftâs Dirty Stream report.
In addition to security fixes, Mayâs Pixel update includes âgeneral improvements in stability or performance for Bluetooth LE audio,â as well as âa fix for camera performance under certain conditions when recording video.â
All told, May is a much more benign update that last monthâs, which patched vulnerabilities being actively exploited in the wold by forensics software vendors. And next month weâre due a much fuller, quarterly updateâso that also promises more.
This update will make few headlines, especially when set against the more exciting Pixel 8a news, which is the latest AI-centric offering from Google. From a security perspective, how this plays against Samsungâs hybrid-AI which is now being extended across its range will be especially interesting.
AI privacy and security is little understood as weâre all still in the âshiny new thingâ phase right now. But when the implications of on-device versus off-device processing really start to hammer home, that will change.
Unsurprisingly, Googleâs latest phone launch matches the Pixel 8 and 8 Proâs âfastest and most secure chip to date,â Googleâs Tensor G3 chip. It also âworks with the certified Titan M2 security chip and built-in VPN for additional protection,â and includes the new normal seven years of software updates.
Security and privacy is set to become on eon they differentiators of this next generation of devices, and while this will mainly see Apple go head-to-head with Samsung in the premium market, Google will clearly play as well.