A second flaw, CVE-2024-43093, also requires that users install the latest security update ASAP. The update includes a patch that addresses a vulnerability found in the core Google Play system framework. This flaw, when exploited, could result in unauthorized access to Android/data,’ ‘Android/obb, and ‘Android/sandbox’ directories.
Thanks to these two flaws, the U.S. told government workers with a Pixel phone to turn off the device or install the security update by November 28th, Thanksgiving Day in the U.S. The warning came from the Cybersecurity and Infrastructure Security Agency (CISA) which is part of the United States Department of Homeland Security (DHS). Even though CISA’s warning applies only to government staff, these recommendations are widely released to help other organizations stay current with vulnerabilities that need to be patched.
A list of Qualcomm Snapdragon chipsets impacted by (CVE)-2024-43047. | Image credit-Qualcomm
Right now, if you own a Pixel handset, whether you work for the government or not, you need to install the security update if you haven’t already. Go to Settings > System > Software updates > System update. If a prompt appears for an update, make sure you follow the directions to install it. To be clear, while the vulnerabilities are found on many Android handsets, only Pixel models have the patch for now.
If you’ve already installed the November update on your Pixel phone, you have nothing more to do and you have met CISA’s deadline.