Friday, November 22, 2024

Google Issues Critical Update For Millions Of Pixel Users—Warns Attacks Now Underway

Must read

Google has confirmed details of November’s Android security updates, which includes two zero-days with vulnerabilities now “under limited, targeted exploitation.” As such, this is an “update now warning” for the millions of Pixel users with current support in place, and for other Android OEMs as they receive their own.

ForbesGmail ‘Suddenly’ Stops Working As New Update Fails—Here’s What You Do

The first of the actively exploited vulnerabilities, CVE-2024-43047, is the Qualcomm risk that the chipset manufacturer warned about last month. They said then that OEMs had received the fix some weeks before and urged updated as soon as possible. Qualcomm acknowledged “indications from Google Threat Analysis Group that CVE-2024-43047 may be under limited, targeted exploitation.” That is now part of the November release. Interestingly, while Pixel gets the update now, Samsung does not—a likely delay I wanted about previously.

The second zero-day, CVE-2024-43093, is one of Google’s own, and addresses a vulnerability in the core Google Play system framework that underpins much of the app infrastructure on devices. This is described “as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to ‘Android/data,’ ‘Android/obb, and ‘Android/sandbox’ directories and its sub-directories, according to a code commit message.”

As ever, no further details on the vulnerabilities have been released at this stage, ahead of users having the opportunity to update their devices.

The Qualcomm issue has already prompted the US cybersecurity agency to mandate all federal employees (and advise all others) to update their phones. The deadline wasn’t achievable though, given the delay in pushing out the fix. I would expect the other vulnerability to make CISA’s catalog later this week if not today.

The bad news for Pixel users applying this update could be unrelated issues with the installation of Android 15 clashing with a Google Play update. Over the last 36-hours, multiple users have reported issued in loading apps given a Play Services issue. This seems to have impacted Gmail amongst other apps, stopping it loading.

ForbesApple’s Next Update Surprises iPhone Users—This Completely Changes Your Phone

Putting that aside, all Pixel users are urged to install the new update as soon as it’s available on their phones. Pixel sales are surging, and despite any Android 15 teething issues, the speed with which that upgrade was available compared to Samsung, and the advantage Google has in running both hardware and software is now clear.

Latest article