June 2024 has been a big month for Pixel smartphones. Not only has Gemini Nano rolled out to the Pixel 8a, but Google has also rolled out a big security update for several models.
It addresses 50 vulnerabilities, ranging in severity from moderate to critical. One of the most insidious flaws is CVE-2024-32896, which according to Tom's Guide “is an elevation of privilege (EoP) vulnerability.”
An EoP refers to a bug or design flaw that a bad actor can exploit to gain unlimited access to a smartphone's resources. It's a level of access that not even a Pixel owner typically has. Although not as serious as the others, CVE-2024-32896 merited an additional warning from Google on the patch's Pixel Update Bulletin page, stating that it “may be under limited and targeted exploitation.”
In other words, bad actors are likely targeting the flaw to infiltrate a Pixel phone, so it's important that you install the patch.
Solution installation
The rest of the patch affects other important components of the devices, such as the Pixel Firmware fingerprint sensor. It even fixes some Qualcomm and Qualcomm closed source components.
The Google patch is ready to download for all supported Pixel phones and you can find the full list of models on the tech giant's support website here. They include, but are not limited to, the Pixel Fold line, the Pixel 7 series, and the Pixel 8 line.
To download the update, go to the Settings menu on your Pixel phone. Go to Security & Privacy, then System & Updates. Scroll down to Security Update and press Install. Give your device enough time to install the patch and then restart your smartphone.
Existing on Android
It is important to mention that the EoP vulnerability appears to exist in third-party Android hardware; However, the solution will not appear for some time. As the news site Bleeping Computer explains, the operating systems of Pixel and Android smartphones receive security updates at different times. The reason for this separate release is that third-party devices have their own “exclusive features and capabilities.” One comes out faster than the other.
Developers of GrapheneOS, a unique version of Android that focuses more on security, initially found the flaw in April. In a recent post on it will be eliminated. GrapheneOS developers claim that the June update “has not been supported.”
Be sure to check out TechRadar's list of the best Android antivirus apps for 2024 if you want even more protection.