If you’re a Pixel user, then you have just been warned to update your device as soon as the latest software is downloaded to your phone over the next few days. This new update provides a critical fix, and also addresses April’s nasty surprise…
With surprising reports that April’s Pixel update “was reportedly a mess… [and] didn’t reach all the qualifying Pixel smartphones,” it’s critically important that May’s rollout runs smoothly and all Pixel users apply it as soon as it’s made available. You might also have noticed that Google quietly issued a second April update as well, so even more important that you ensure your device is up-to-date.
In all likelihood, April’s update will have been installed by now, but because it patched two vulnerabilities that Google warned “may be under limited, targeted exploitation,” you should specifically check that the latest update is applied.
You can find details on the update schedule for your device and how to check whether new software has been installed here. May’s Pixel update bulletin can be found here, and includes the software build numbers you should expect to see.
This month’s critical security fix impacts the device’s change log, and could lead to “local escalation of privilege with no additional execution privileges needed.” While this means that in isolation an attacker would need access to your device, and for “platform and service mitigations” to be disabled, such vulnerabilities can often be exploited as part of a more sophisticated chain attack, which expands the threat.
In addition to Android software fixes, the update also addresses issues with hardware components on devices, from Qualcomm, Arm and MediaTek. All of these are high-severity, but again a step-down from April when we saw a critical Qualcomm vulnerability addressed, which was more alarming. Even so, spare a thought for Samsung users who saw a delay in the Qualcomm modem security patch.
The high-severity Pixel fixes this month are also primarily local escalation of privileges vulnerabilities, impacting the Android Framework used by apps through APIs and the core system services themselves. Again, while relatively contained in isolation, when combined with other weaknesses the threat level can change.
All Pixel owners should ensure that Google Play Protect is enabled on their devices, and that apps are only installed from the Play Store. This will go a long way towards ensuring you remain safe from known issues—as long as updates such as this one are applied as soon as they’re made available.
This is especially important given recent Android security warnings, including Brokewell and Microsoft’s Dirty Stream report.
In addition to security fixes, May’s Pixel update includes “general improvements in stability or performance for Bluetooth LE audio,” as well as “a fix for camera performance under certain conditions when recording video.”
All told, May is a much more benign update that last month’s, which patched vulnerabilities being actively exploited in the wold by forensics software vendors. And next month we’re due a much fuller, quarterly update—so that also promises more.
This update will make few headlines, especially when set against the more exciting Pixel 8a news, which is the latest AI-centric offering from Google. From a security perspective, how this plays against Samsung’s hybrid-AI which is now being extended across its range will be especially interesting.
AI privacy and security is little understood as we’re all still in the “shiny new thing” phase right now. But when the implications of on-device versus off-device processing really start to hammer home, that will change.
Unsurprisingly, Google’s latest phone launch matches the Pixel 8 and 8 Pro’s “fastest and most secure chip to date,” Google’s Tensor G3 chip. It also “works with the certified Titan M2 security chip and built-in VPN for additional protection,” and includes the new normal seven years of software updates.
Security and privacy is set to become on eon they differentiators of this next generation of devices, and while this will mainly see Apple go head-to-head with Samsung in the premium market, Google will clearly play as well.