Google unveiled a high severity firmware vulnerability on Google Pixel devices, labeled CVE-2024-32896, that could be exploited, prompting a warning from the US government to update devices by July 4 or discontinue use. The warning from CISA, the Cybersecurity and Infrastructure Security Agency, highlights the need for federal agencies to comply and urges other companies to follow suit to protect their systems. This zero-day vulnerability, which allows privilege escalation, is part of a fix for previously reported vulnerabilities actively exploited in the wild by forensic companies. While Pixel devices have received the June update to address this issue, other Android devices will require an update to Android 15 to receive the fix.
In addition to the firmware vulnerability, Google has introduced new security measures for installing risky applications, requiring a biometric or PIN authentication. This comes amidst reports of over 90 malicious applications found on the Play Store with millions of installations, as well as the discovery of an Android Trojan named Rafel targeting older devices. The threat landscape for Android users is becoming increasingly dangerous, necessitating immediate action to safeguard devices.
As the July 4 deadline approaches, all Pixel owners are advised to update their devices to ensure protection against potential exploits. The update process should be automatic, and a reboot will finalize the installation. Detailed instructions on how to verify the update status of Pixel devices are available for users to follow. With the increasing threats to Android devices, staying informed and taking proactive security measures is essential to maintain the integrity and security of personal and business systems.
Article Source
https://www.forbes.com/sites/zakdoffman/2024/06/23/google-pixel-warning-10-days-to-update-or-stop-using-phone/