Google Discloses Serious Security Flaw in Pixel Update

TapTechNews June 24th news, Google disclosed a serious security flaw (CVE-2024-32896) in the latest monthly Pixel update, which may be exploited by attackers. Even more worryingly, it's a zero-day vulnerability, meaning Google didn't know about it and had no fix when it was discovered. Google lists this vulnerability as 'high-risk'.

According to Forbes, the severity of this vulnerability has unsettled the US government, who requires all federal employees holding Pixel phones to update their phones by July 4th, otherwise they will have to'stop using the product'. Although this warning is for US government agencies, enterprises should also pay attention to this problem, especially individual users using the company's Wi-Fi connection network, and should install the latest security update as soon as possible.

The US government's warning comes from the Known Exploited Vulnerabilities (KEV) managed by the Cybersecurity and Infrastructure Security Agency (CISA). The notice states that 'there is an unspecified vulnerability in the Android Pixel phone firmware that can lead to privilege escalation'. Privilege escalation can allow attackers to steal information that they usually couldn't access through applications.

TapTechNews noted that while the US government is focusing on Pixel users this time, the GrapheneOS security system reminds that the vulnerability doesn't only affect Pixel phones. They said, 'This issue has been fixed on Pixel through the June update (Android 14 QPR3) and will be fixed as other Android devices eventually upgrade to Android 15. However, if not upgrading to Android 15, these devices may not get the fix because the vulnerability fix won't be ported to older versions of the system.'

It is recommended that all Pixel users, regardless of whether they are US government workers or not, update their phones as soon as possible to avoid security risks.