Update your phone in 10 days or stop using them: US government to Google Pixel users

By Team Asianet NewsableFirst Published Jun 24, 2024, 2:53 PM IST
Highlights

During the latest monthly Pixel update, Google noted that CVE-2024-32896 "may be under limited, targeted exploitation." The zero-day exploit (which simply means that the vulnerability was unknown to the phone manufacturer and no fix or patch was available when discovered) was listed in the Pixel Update Bulletin as "High Severity."

What could be more detrimental than learning that your phone has some major security flaws? Finding out that one of the vulnerabilities is actively being exploited by attackers. Google gave little information about CVE-2024-32896 during the most recent monthly Pixel update, but the U.S. government has stepped in and ordered federal employees to update their Pixel devices before July 4 "or discontinue use of the product."

Google noted that CVE-2024-32896 "may be under limited, targeted exploitation." You have 10 days to take action after that. Although the warning is aimed at government organisations, other businesses ought to follow suit and require complete staff compliance. Users who link their devices to any corporate systems, particularly those who are personal users, should also exercise caution.

Tap to resize

Latest Videos

The Cybersecurity and Infrastructure Security Agency, or CISA, is in charge of managing the Known Exploited Vulnerabilities (KEV) catalogue, which is how the US government issues warnings. Its warning only states, "Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation."

GrapheneOS has stated that this is the second installment of a patch for vulnerabilities it disclosed in April that are “being actively exploited in the wild by forensic companies,” despite Google having not released any more information on the zero-day vulnerability.

CVE-2024-32896 which is marked as being actively exploited in the wild in the June 2024 Pixel Update Bulletin is the 2nd part of the fix for CVE-2024-29748 vulnerability we described here:https://t.co/c4xnnbje04

As we explained there, none of this is actually Pixel specific.

— GrapheneOS (@GrapheneOS)

Graphene OS further stated, "It's fixed on Pixels with the June update (Android 14 QPR3) and will be fixed on other Android devices when they eventually update to Android 15. If they don't update to Android 15, they probably won't get the fix, since it has not been backported."

To update your Pixel, go to Settings > System > Software updates and if you have an update pending, simply follow the directions. 

click me!