Google releases second installment of zero-day exploit patch, but only for Pixel phones

Summary

• Android vulnerabilities are actively exploited by bad actors, leading to potential data theft and ransomware attacks.
• Google released a critical security patch for Pixel phones running Android 15 to address a high-severity vulnerabilitiy.
• All Android devices are at risk, not just Pixels, so updating to the latest OS version is crucial for safeguarding personal information.

Android is a versatile operating system but even our favorite phones aren’t free of risks and safety concerns. Developers around the world are constantly engaged in a cat-and-mouse game with bad actors looking for vulnerabilities in the OS, which could lead to data theft and even impersonation or ransomware attacks. One such vulnerability affecting Android was recently patched for Google Pixel phones running Android 15, but other devices remain vulnerable until they receive an update to the latest version of the OS.

Researchers developing the security-oriented GrapheneOS ROM recently took to X (formerly Twitter) to share that Google just released the second installment of a two-part fix for a critical Android vulnerability (via Bleeping Computer). Known by the unique identifier CVE-2024-32896, this fix is the second installment of the CVE-2024-29748 vulnerability released in April.

This new patch addresses a high-severity security issue in the firmware for Pixel phones. It is marked as such because leaving this unpatched could allow bad actors to escalate the privileges assigned to malicious components without the user’s knowledge. It could eventually compromise your personal information. GrapheneOS elaborates that forensics companies were exploiting the vulnerability against users with apps like Wasted and Sentry, which try wiping the device when an attack is detected.

Pixel devices aren’t the only devices affected

Although this security patch has been released to Android devices running the latest versions of Android 15, which would be Google’s Pixel phones only, GrapheneOS researchers confirm the Pixel phones aren’t the only ones affected. In fact, it is a generic vulnerability affecting all Android versions, but was fixed in the Android 14 QPR3 update. Anyone using Android devices from other OEMs running Android 14 will have to wait for their Android 15 update to patch this critical security flaw.

If you have a Pixel device, though, this is a critical update, and the company strongly encourages all users to install it. It will be delivered alongside 49 other patches targeting 44 security vulnerabilities in the device firmware, through the June 2024 security update.

If you don’t see a notification for it soon, we suggest manually checking for updates under Settings → Security & privacy → System & updates → Security update. As always, the full details of the vulnerabilities and fixes are available in the Google security bulletin.