Following the Pixel feature update in June, Google released an important security patch aimed at fixing a major firmware vulnerability in Pixel devices. Now, a new announcement from the US government appears to underscore the severity of the vulnerability, which is also believed to affect non-Pixel Android devices.
According to a report by L Forbes The US government, through the Cybersecurity and Infrastructure Security Agency (CISA), has issued a new warning to all federal employees with Pixel devices to update their devices by the Fourth of July. Otherwise, they will be advised to stop using smartphones.
Individuals and businesses are also advised to update their Pixel devices to the latest software to close the vulnerability.
The vulnerability, named CVE-2024-29748, was part of vulnerabilities discovered by the GrapheneOS group. Google released the first patch in April, while the second patch named CVE-2024-32896 via Android 14 QPR3 (Quarterly Platform Release) was released in June.
The CVE-2024-32896 flagged as actively exploited in the June 2024 Pixel Update Bulletin is the second part of the fix for the CVE-2024-29748 vulnerability that we described here: https://t.co/c4xnnbje04
As we explained there, none of this is actually Pixel-specific.
– GrapheneOS (@GrapheneOS) June 13, 2024
Although Google did not provide details about these vulnerabilities, it is known that they have already been exploited as zero-day vulnerabilities by forensic experts and hackers to attack groups or individuals.
A zero-day exploit is a security vulnerability that is exploited in attacks to gain access to and control sensitive devices and information before the manufacturer notices or discovers the vulnerability being exploited by hackers.
Are all Android devices affected by zero-day vulnerabilities?
According to GrapheneOS, it's not just Pixel devices that are at risk, but also most other Android devices. The only problem is that the fix for non-Pixel models won't come until Android 15 as it will have to be ported to the back. What's worse is that phones or tablets that can't be updated to Android 15 may not receive a fix for the vulnerability.
However, you can protect yourself and your device from other security threats by following some basic security measures, such as updating to the latest software, avoiding connecting to public Wi-Fi, and enabling features like stolen device protection.
What do you think about these Android vulnerabilities? Should Google and other manufacturers be forced to find a more realistic and faster solution to this? Let's discuss your answers in the comments.
Lifelong foodaholic. Professional twitter expert. Organizer. Award-winning internet geek. Coffee advocate.