Do you know what’s worse than discovering that your phone has some serious vulnerabilities? Finding out that one of the vulnerabilities is actively being exploited by attackers. During the latest monthly Pixel update, Google noted that CVE-2024-32896 “may be under limited, targeted exploitation.” The zero-day exploit (which simply means that the vulnerability was unknown to the phone manufacturer and no fix or patch was available when discovered) was listed in the Pixel Update Bulletin as “High Severity.”
According to Forbes, this vulnerability has made the U.S. government so nervous that it is ordering all federal employees with a Pixel handset to update their phones before July 4th “or discontinue use of the product.” While the warning is directed at U.S. government agencies, companies might want to follow suit; even individuals who use company Wi-Fi to connect to the internet should install the latest security update as soon as possible.
The U.S. government warning comes from the Known Exploited Vulnerabilities (KEV) listings that are managed by CISA (Cybersecurity and Infrastructure Security Agency). The advisory said, “Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.” Privilege escalation would allow an attacker to use an app to capture information that normally would not be available to the bad actor.
GrapheneOS posts more information about the security update
Even though the U.S. government seems focused on Pixel users, GrapheneOS says that the vulnerability isn’t just a concern for Pixel users. GrapheneOS says, “It’s fixed on Pixels with the June update (Android 14 QPR3) and will be fixed on other Android devices when they eventually update to Android 15. If they don’t update to Android 15, they probably won’t get the fix, since it has not been backported.”
To update your Pixel, go to Settings > System > Software updates, and if you have an update pending, simply follow the directions. In a situation like this, we’d suggest that all Pixel users, whether they work for the U.S. government or not, update their phones right away.