With the Google Pixel update this month, many salient features and updates came out for Android, including the quarterly feature CVE-2024-32896 rolling out. The firmware had a major issue of high-severity vulnerability, and Google cautioned users that this weakness could be exploited by bad actors. Users were still coming around the potential threat to their phones when they were presented with another blow of one of the vulnerabilities under attack. While the Pixel Update Bulletin listed the zero-day exploit as High Severity, the U.S. government has decided to intervene and take that matter into its own hands.
The U.S. government has given the users two options: either to update their phones in 10 days or to discontinue using the device
Google was unaware of the security vulnerability and could not resolve the issue with a security patch when it first surfaced. The zero-day exploit has led to an air of nervousness, especially with the U.S. government stepping in and issuing a strict order regarding the security update.
As reported by Forbes, the government has ordered federal employees to go with either of the two options: discontinue the use of their Pixel devices or update the phone by July 4th. This gives users 10 days to act upon the order. Even if the warning is for government agencies, companies might be following the order, and individuals that connect to the internet of companies should also be going ahead with the security update to safeguard against any potential harm.
Cybersecurity and Infrastructure Security Agency (CISA), in its known Exploited Vulnerabilities KEV listings, laid out the potential security risk in the firmware and warned Pixel users of the flaw. This vulnerability gave attackers a window to access the phone using malicious apps so they could access private information.
GrapheneOS mentioned that the issue was previously reported in April, and this is another part of the same security problem, the CVE-2024-29748 vulnerability. For which the fixes were established but were already actively exploited by forensic companies.
April release of the Pixel boot chain firmware includes fixes for 2 vulnerabilities reported by GrapheneOS which are being actively exploited in the wild by forensic companies:https://t.co/W9OjQcfZ30https://t.co/UWAaA9er57
These are assigned CVE-2024-29745 and CVE-2024-29748.
— GrapheneOS (@GrapheneOS) April 2, 2024
The company further expressed its concern that the problem was not limited to Pixel devices, stating that the issue would also crawl to Android devices and be resolved when they updated to Android 15. The firm says:
It's fixed on Pixels with the June update (Android 14 QPR3) and will be fixed on other Android devices when they eventually update to Android 15.
Users can update their Pixel devices by simply going to Settings, tapping on Systems, and choosing Software update from there if they still haven't updated. All Android users should take CISA's warning seriously to avoid any damage to their devices.
Follow Wccftech on Google to get more of our news coverage in your feeds.
