As originally reported by Forbes, due to a high-severity vulnerability, Google has warned federal employees to update their Pixel devices before 4th July, or else they should stop using the device. This warning—CVE-2024-32896—is a part of the Known Exploited Vulnerabilities (KEV) catalog managed by CISA (Cybersecurity and Infrastructure Security Agency).
While Google has not discussed this exploit in detail, the U.S. government has clarified that this is a high-level firmware vulnerability and users should take action ASAP. It has also mentioned that though the warning is directed toward federal employees, other users should comply, especially if they connect their Pixel phones to any enterprise systems.
GrapheneOS took it to X and explained that this is the second part of the fix for another vulnerability reported in April, which is “actively being exploited in the wild by forensic companies.”
What’s concerning is that GrapheneOS also adds that “none of this is actually Pixel specific.” According to Forbes, “It’s fixed on Pixels with the June update (Android 14 QPR3) and will be fixed on other Android devices when they eventually update to Android 15. If they don’t update to Android 15, they probably won’t get the fix since it has not been backported.”
Ensuring you’re on the latest version of your phone’s software is always good practice. To update your Pixel phone, go to Settings > Security & Privacy > System & Updates > Security Update, and click Install. Then restart your phone to ensure that the update is successful.
