Following the June Pixel feature update, Google released an important security patch, the second installment of a fix for a major firmware vulnerability in Pixel devices. Now, a new notice from the US government highlights the severity of the security flaw, which is believed to affect non-Pixel Android devices as well.
According to a report from Forbes, the US government, through CISA (Cybersecurity and Infrastructure Security Agency), has issued a new warning telling all federal employees with Pixel handsets to update their devices by July 4. If they do not, they are advised to stop using the smartphones.
The bulletin also recommended that private companies and individuals update their Pixel devices to the latest software available to address the exploits.
The vulnerability, labeled CVE-2024-29748, was among the security issues discovered by the GrapheneOS group. Google released the first patch back in April, while the second patch of the two-installment fix was released this June as CVE-2024-32896 via Android 14 QPR3 (Quarterly Platform Release).
CVE-2024-32896 which is marked as being actively exploited in the wild in the June 2024 Pixel Update Bulletin is the 2nd part of the fix for CVE-2024-29748 vulnerability we described here: https://t.co/c4xnnbje04
As we explained there, none of this is actually Pixel specific.
— GrapheneOS (@GrapheneOS) June 13, 2024
Although Google has not provided in-depth details about these issues, they are known to have already been exploited as zero-day vulnerabilities by forensic firms and hackers to target groups or individuals.
For the uninitiated, a zero-day exploit is a vulnerability used in attacks before the manufacturer has become aware of or detected the issue, enabling attackers to access devices and sensitive information and even take control of them.
Are all Android devices affected by zero-day exploits?
According to GrapheneOS, not only Pixel devices are at risk, but most Android devices as well. The catch is that the fix for non-Pixel models would only come with Android 15, since it needs to be backported. Even worse, phones or tablets that are not eligible for the Android 15 update may not get any fix for the security flaw.
Nonetheless, you can always protect yourself and your device against other security threats by following some basic safeguards, like updating to the latest software, avoiding public Wi-Fi, and activating features like Stolen Device Protection, among others.
What do you think of these vulnerabilities on Android? Should Google and other manufacturers be forced to bring a more concrete solution to them? Share your answers in the comments.