Summary

  • Federal employees with Pixel phones must update by July 4 to protect against potential exploitation of a significant Android vulnerability.
  • Google’s June update addresses the CVE-2024-32896 vulnerability in Pixel devices, but all Android devices are potentially at risk.
  • To check for updates on your Pixel device, go to Settings, Security & privacy, System & updates, Security update. Stay vigilant against threats.



Android, an open-source and free operating system, is not fully immune to exploitation and vulnerabilities, even on its flagship phones. Despite Google’s monthly security patches, the threat of malicious actors compromising user data and privacy remains significant. This means that every Android user, regardless of their device, could potentially be a target for such attacks.

Related

Google wants to help you cool down your overheating Pixel

Take some actions manually to bring your Pixel’s temperature under control

Google’s June zero-day exploit patch was a critical response to the CVE-2024-32896 Android vulnerability in Pixel devices. This firmware, labeled as “High Severity” in the Pixel Update Bulletin, was noted by Google to be “under limited, targeted exploitation.” The severity of this vulnerability has now prompted the US government to issue a warning, giving federal employees a mere ten days to update their Pixel phones.



Federal employees have ten days to update their Pixel devices

As reported by Forbes, the US government has issued a stark warning to federal employees with Pixel phones: update your devices by July 4 or cease using them. This warning extends to all government agencies, and it is strongly advised that other enterprises and entities also mandate their employees to update their Pixel devices.

The warning to federal employees is listed in the Known Exploited Vulnerabilities (KEV) catalog, managed by CISA (Cybersecurity and Infrastructure Security Agency). While the warning was initially intended for government employees and enterprises, any personal user who connects their Pixel devices to enterprise systems should also follow suit.


While Google’s disclosure about the recent zero-day vulnerability was limited, GrapheneOS on X revealed that the issue isn’t isolated to Pixel devices. In fact, all Android devices are potentially at risk. According to GrapheneOS, the issue has been resolved in Pixel phones with the June update (Android 14 QPR3), and it will also be addressed in other Android phones when they’re updated to Android 15. This means that if an Android device isn’t eligible for updating to Android 15, it won’t receive the necessary fix.

Google’s second installment of the zero-day exploit patch was released on June 14. To ensure your Pixel device is up-to-date, follow these steps: Go to Settings → Security & privacy → System & updates → Security update. This will allow you to manually check for any available updates for your device.