Update Your Pixel Now to Fix This Security Flaw

Earlier this month, Google released a security update for its Pixel line of smartphones, releasing fixes for 45 vulnerabilities in Android. Security updates aren’t as prominent as Feature Drops , and so users may not feel motivated to update their Pixels immediately. However, you should install this update as soon as possible.

As it turns out, among these 45 patched vulnerabilities, there is one particularly dangerous one. The vulnerability is tracked as CVE-2024-32896 and is an escalation of privilege vulnerability. These flaws can allow attackers to gain access to system functions that they would not normally have permission to access, opening the door to dangerous attacks. While most of these vulnerabilities are usually discovered before attackers know how to exploit them, the situation with CVE-2024-32896 is not so fortunate: In the notes for this security update, Google says: “There are indications that CVE-2024-32896 2024- 32896 may be subject to limited and targeted use.”

This makes this vulnerability an example of a zero-day problem, a flaw that attackers know how to exploit before a patch is made available to the general public. Every pixel that does not have this patch installed remains vulnerable to attackers who are aware of this problem and want to take advantage of it.

Google hasn’t revealed any further information about CVE-2024-32896, so we don’t know much about how it works, but it looks like a particularly nasty vulnerability nonetheless. In fact, Forbes reports that the United States government has taken note of the issue and has set a July 4 deadline for all federal employees using Pixels: upgrade your phone or “stop using the product.”

GrapheneOS, which develops an open-source, privacy-focused OS for smartphones, says the patch for CVE-2024-32896 is actually the second half of a larger patch : Google patched CVE-2024-29748 in April, and according to GrapheneOS, both aimed to fix vulnerabilities that were being exploited by forensics companies.

This tweet is currently unavailable. It may be downloading or has been deleted.

How to fix your pixel

To install this security patch on your Pixel, go to Settings > System > Software Update . When the update is available, you can install it by following the on-screen instructions. Alternatively, you can ask Google Assistant to “Update my phone now.”

More…

Leave a Reply