Update your phone in 10 days or stop using them: US government to Google Pixel users

What could be more detrimental than learning that your phone has some major security flaws? Finding out that one of the vulnerabilities is actively being exploited by attackers. Google gave little information about CVE-2024-32896 during the most recent monthly Pixel update, but the U.S. government has stepped in and ordered federal employees to update their Pixel devices before July 4 "or discontinue use of the product."

Google noted that CVE-2024-32896 "may be under limited, targeted exploitation." You have 10 days to take action after that. Although the warning is aimed at government organisations, other businesses ought to follow suit and require complete staff compliance. Users who link their devices to any corporate systems, particularly those who are personal users, should also exercise caution.

The Cybersecurity and Infrastructure Security Agency, or CISA, is in charge of managing the Known Exploited Vulnerabilities (KEV) catalogue, which is how the US government issues warnings. Its warning only states, "Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation."

GrapheneOS has stated that this is the second installment of a patch for vulnerabilities it disclosed in April that are “being actively exploited in the wild by forensic companies,” despite Google having not released any more information on the zero-day vulnerability.

Graphene OS further stated, "It's fixed on Pixels with the June update (Android 14 QPR3) and will be fixed on other Android devices when they eventually update to Android 15. If they don't update to Android 15, they probably won't get the fix, since it has not been backported."

To update your Pixel, go to Settings > System > Software updates and if you have an update pending, simply follow the directions.