{"id":236031,"date":"2024-06-25T02:09:26","date_gmt":"2024-06-25T02:09:26","guid":{"rendered":"https:\/\/michigandigitalnews.com\/index.php\/2024\/06\/25\/government-workers-are-being-told-to-immediately-update-their-pixel-phones-to-patch-a-serious-exploit\/"},"modified":"2025-06-25T17:16:16","modified_gmt":"2025-06-25T17:16:16","slug":"government-workers-are-being-told-to-immediately-update-their-pixel-phones-to-patch-a-serious-exploit","status":"publish","type":"post","link":"https:\/\/michigandigitalnews.com\/index.php\/2024\/06\/25\/government-workers-are-being-told-to-immediately-update-their-pixel-phones-to-patch-a-serious-exploit\/","title":{"rendered":"Government workers are being told to immediately update their Pixel phones to patch a serious exploit"},"content":{"rendered":"

[ad_1]
\n<\/p>\n

\n

The US government has issued a dire warning to employees with Pixel phones, mandating a security update by July 4, as originally reported by Forbes<\/em><\/a>. This is due to a high-severity firmware vulnerability within the Android operating system that could open up devices to \u201climited, targeted exploitation.\u201d<\/p>\n

There\u2019s already a patch<\/a> for the zero-day exploit but it requires a visit to the settings app to make sure the device is up to date. Government employees who do not install the security update by July 4 must \u201cdiscontinue use of the product.\u201d It should go without saying that the rest of us should also heed these warnings, particularly those who connect to enterprise servers.<\/p>\n

Google has remained mum as to the actual details of the vulnerability, but government involvement makes it seem a bit more serious than your average exploit. The federal mandate is directed exclusively at Pixel devices, but it looks like the exploit could extend to other Android phones.<\/p>\n

The folks behind GrapheneOS, an operating system based on Android, note that the vulnerability is not exclusive to Pixel phones. The organization says a fix will be part of any update to Android 15, which releases in August, but that it hasn\u2019t been backported. So, if you opt not to update the OS, you likely won\u2019t get the patch. It remains unclear if there are any other options for mitigation. We reached out to Google and will update this post when we know more.<\/p>\n

\n
\n

CVE-2024-32896 which is marked as being actively exploited in the wild in the June 2024 Pixel Update Bulletin is the 2nd part of the fix for CVE-2024-29748 vulnerability we described here:https:\/\/t.co\/c4xnnbje04<\/a><\/p>\n

As we explained there, none of this is actually Pixel specific.<\/p>\n

\u2014 GrapheneOS (@GrapheneOS) June 13, 2024<\/a><\/p>\n<\/blockquote>\n<\/div>\n

The warning issued by the US government, as described in the Known Exploited Vulnerabilities (KEV) catalog<\/a>, is also stingy with the details. The advisory simply states that \u201cAndroid Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.\u201d GrapheneOS says the exploit fails to wipe the memory when running a firmware-based fastboot mode, which potentially allows nefarious actors to exploit the system \u201cto get previous OS memory.\u201d<\/p>\n

To recap, update your Pixel Phone immediately via the settings app, while those with other Android phones should sit tight for now. It\u2019s never wise to mess with these zero-day exploits<\/a> and the involvement of the US government has certainly heightened the threat level a bit here.<\/p>\n<\/div>\n