Major security vulnerability! U.S. government requires employees to update Pixel phones within deadline

IT Home News on June 24, Google disclosed a serious security vulnerability (CVE-2024-32896) in the latest Pixel monthly update, which may be being exploited by attackers. What’s even more worrying is that this is a zero-day vulnerability, which means that Google was not aware of the vulnerability when it was discovered and has no fix. Google lists this vulnerability as a "high risk vulnerability."

According to Forbes, the severity of this flaw has so unnerved the U.S. government that they are requiring all federal employees with Pixel phones to update their phones before July 4th. Otherwise, you need to "stop using this product". While the warning is aimed at U.S. government agencies, businesses should also be aware of the issue, especially individual users using corporate Wi-Fi to connect to the network, and install the latest security updates as soon as possible.
The U.S. government’s warning comes from the Known Exploit List (KEV) managed by CISA (Cybersecurity and Infrastructure Security Agency). "An unspecified vulnerability exists in the firmware of Android Pixel phones that could lead to an escalation of privilege," the notice said. Elevation of privilege could allow an attacker to exploit an application to steal information that is normally inaccessible.
IT House noticed that although the US government is focusing on Pixel users this time, the GrapheneOS security system reminds that this vulnerability does not only affect Pixel phones. They said, “This issue has been fixed on Pixel with the June update (Android 14 QPR3) and will be fixed as other Android devices eventually upgrade to Android 15. However, if not upgraded to Android 15, these devices may A fix is ​​not available as the bug fixes will not be ported to older systems. All Pixel users, US government workers or not, are advised to update their phones as soon as possible. Avoid security risks.

The above is the detailed content of Major security vulnerability! U.S. government requires employees to update Pixel phones within deadline. For more information, please follow other related articles on the PHP Chinese website!