There’s a vulnerability in Pixel devices that Google believes “may be under limited, targeted exploitation.” In line with this, the US government is urging all its employees to use the device to update their units to prevent further issues. However, according to a recent report from a security expert group, the problem might not be limited to Pixel phones but to all Android devices.
Google addressed several issues in its Pixel creations with the June update. One specific vulnerability resolved is CVE-2024-32896, which has a high-severity status according to the company’s records. Even the US government is taking the matter seriously, telling its employees to update their devices in 10 days “or discontinue use of the product.”
According to the US Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities listing, “Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.” With this, the zero-day exploit could allow attackers to steal valuable information from users.
Interestingly, the non-profit group GrapheneOS revealed that the issue is not limited to Pixel devices.
“CVE-2024-32896 which is marked as being actively exploited in the wild in the June 2024 Pixel Update Bulletin is the 2nd part of the fix for CVE-2024-29748 vulnerability we described…,” GrapheneOS shared in a recent post. “As we explained… none of this is actually Pixel specific.”
According to GrapheneOS, the issue will only be resolved through the Android 15 update.
“It’s fixed on Pixels with the June update (Android 14 QPR3) and will be fixed on other Android devices when they eventually update to Android 15,” the group said. “If they don’t update to Android 15, they probably won’t get the fix, since it has not been backported.”
Via Forbes
