Do you know what's worse than discovering that your phone has some serious vulnerabilities? Finding out that one of the vulnerabilities is actively being exploited by attackers. During the latest monthly Pixel update, Google noted that CVE-2024-32896 "may be under limited, targeted exploitation." The zero-day exploit (which simply means that the vulnerability was unknown to the phone manufacturer and no fix or patch was available when discovered) was listed in the Pixel Update Bulletin as "High Severity."
According to Forbes, this vulnerability has made the U.S. government so nervous that it is ordering all federal employees with a Pixel handset to update their phones before July 4th "or discontinue use of the product." While the warning is directed at U.S. government agencies, companies might want to follow suit; even individuals who use company Wi-Fi to connect to the internet should install the latest security update as soon as possible.
The US government warning comes from the Known Exploited Vulnerabilities (KEV) listings that are managed by CISA (Cybersecurity and Infrastructure Security Agency). The advisory said, "Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation." Privilege escalation would allow an attacker to use an app to capture information that normally would not be available to the bad actor.
Even though the U.S. government seems focused on Pixel users, GrapheneOS says that the vulnerability isn't just a concern for Pixel users. GrapheneOS says, "It's fixed on Pixels with the June update (Android 14 QPR3) and will be fixed on other Android devices when they eventually update to Android 15. If they don't update to Android 15, they probably won't get the fix, since it has not been backported."