127
According to the Google Pixel Security Vulnerability Report recently released by the Cybersecurityhelp website, as many as 120 security vulnerabilities have been found in Google Pixel series mobile phones recently.
Among the 120 security vulnerabilities, none of them were classified as “critical” in terms of their risk ratings; 7 were classified as “high”. There is one “medium” vulnerability, and the rest belong to the “low” (low) risk level security vulnerabilities.
Belonging to the “high” risk level, the following vulnerabilities are worth noting:
- CVE-2023-21054: This vulnerability is a remote code execution vulnerability. The Modem sub-component stored in the Pixel phone fails to properly check the input; hackers can induce users to open a specially crafted file to induce this vulnerability and execute it remotely Arbitrary code.
- CVE-2023-24033: This vulnerability is also a remote code execution vulnerability like the previous vulnerability. The Modem subcomponent stored in the Pixel phone fails to properly check the input; hackers can induce users to open specially crafted files to induce this vulnerability. Vulnerability, remote code execution.
- CVE-2023-21058: This vulnerability is also a remote arbitrary code execution vulnerability like the previous vulnerability. The Cellular firmware subcomponent stored in the Pixel phone fails to properly check the input; hackers can lure users to open specially crafted files This vulnerability is induced to execute arbitrary code remotely.
- CVE-2023-21057: This vulnerability, like CVE-2023-21058, also exists in the Cellular firmware subcomponent of the Pixel phone, and it is also a vulnerability that fails to properly check the input; hackers can induce users to open specially crafted files to induce this vulnerability. Vulnerability, remote code execution.
- CVE-2023-42499: This vulnerability resides in the modem subcomponent of the Pixel phone, and it is also a vulnerability that fails to properly check input. Hackers can induce users to open specially crafted files to induce this vulnerability and execute arbitrary code remotely.
- CVE-2023-42498: This vulnerability exists in the Cellular firmware subcomponent of the Pixel phone, and it is also a vulnerability that fails to properly check the input; hackers can induce users to open specially crafted files to induce this vulnerability, and remotely execute arbitrary code.
- CVE-2023-43043: This vulnerability belongs to the integer overflow error in the parse.c formula; hackers can pass specially crafted data into the application to induce this vulnerability, execute arbitrary code remotely, and completely control the victim device.
Affected products: Google Pixel phones using firmware versions before March 1, 2023.
Solution: Google Pixel phone users are advised to immediately update their phones to the latest version to patch these vulnerabilities.
This article is reproduced from TWCERT/CC.