June 2024 has been a big month for Pixel smartphones. Not only did Gemini Nano roll out to the Pixel 8a, but Google also released a huge security update to multiple models.
It addresses 50 vulnerabilities, ranging in severity from moderate to critical. One of the more insidious flaws is CVE-2024-32896, which Tom’s Guide states “is an elevation of privilege (EoP) vulnerability.”
An EoP refers to a bug or design flaw that a bad actor can exploit to gain unfettered access to a smartphone’s resources. It’s a level of access that not even a Pixel owner normally has. Even though it’s not as severe as the others, CVE-2024-32896 did warrant an extra warning from Google on the patch’s Pixel Update Bulletin page, stating it “may be under limited, targeted exploitation.”
In other words, it’s likely bad actors are going to be targeting the flaw to infiltrate a Pixel phone, so it’s important that you install the patch.
Installing the fix
The rest of the patch affects other important components on the devices, such as the Pixel Firmware fingerprint sensor. It even fixes a handful of Qualcomm and Qualcomm closed-source components.
Google’s patch is ready to download for all supporting Pixel phones, and you can find the full list of models on the tech giant’s Help website here. They include but are not limited to the Pixel Fold, Pixel 7 series, and the Pixel 8 line.
To download the update, go to the Settings menu on your Pixel phone. Go to Security & Privacy, then to System & Updates. Scroll down to the Security Update and hit Install. Give your device enough time to install the patch and then restart your smartphone.
Existing on Android
It’s important to mention that the EoP vulnerability seems to exist on third-party Android hardware; however, a fix won’t come out for a while. As news site Bleeping Computer explains, the operating systems for Pixel and Android smartphones receive security updates at different times. The reason for this separate rollout is that third-party devices have their own “exclusive features and capabilities.” One comes out faster than the other.
Developers for GrapheneOS, a unique version of Android that is more focused on security, initially found the flaw in April. In a recent post on X (the platform formerly known as Twitter), the team believes non-Pixel phones probably won’t receive the patch until the launch of Android 15. If you don’t get the new operating system, the EoP bug probably won’t get removed. The GrapheneOS devs claim the June update “has not been backported.”
Be sure to check out TechRadar’s list of the best Android antivirus apps for 2024 if you want even more protection.