Skip to Main Content

Update Your Pixel Now to Patch This Security Flaw

The U.S. government is forcing its employees to update, so you probably should too.
A hand holding a white google pixel smartphone
Credit: Gabo_Arts / Shutterstock.com

Earlier this month, Google issued a security update for its line of Pixel smartphones, issuing patches for 45 vulnerabilities in Android. Security updates aren't as flashy as Feature Drops, and so users might not feel as inspired to update their Pixels right away. This update, however, is one you should install ASAP.

As it turns out, among those 45 patched vulnerabilities, is one particularly dangerous one. The flaw is tracked as CVE-2024-32896, and is an escalation of privilege vulnerability. These flaws can allow bad actors to gain access to system functions they normally wouldn't have permission for, which opens the door to dangerous attacks. While most of these flaws are usually caught before bad actors learn how to exploit them, the situation with CVE-2024-32896 isn't so fortunate: In the security notes for this security update, Google says, "There are indications that CVE-2024-32896 may be under limited, targeted exploitation."

That makes this vulnerability an example of a "zero-day" issue—a flaw that bad actors know how to take advantage of before there a patch is made available to the general public. Every Pixel that doesn't install this patch is left vulnerable to malicious users who know about this issue, and want to exploit it.

Google hasn't disclosed any additional information about CVE-2024-32896, so we don't know much about how it works—that said, it sounds like a particularly nasty vulnerability. In fact, Forbes reports that the United States government has taken note of the issue, and has issued a July 4 deadline for any federal employees using a Pixel: Update your phone, or "discontinue use of the product."

GrapheneOS, who develops an open source privacy-centric OS for smartphones, says that the patch for CVE-2024-32896 is actually the second half of a larger fix: In April, Google patched CVE-2024-29748, and according to GrapheneOS, both were targeted to patch vulnerabilities forensic companies were exploiting.

How to patch your Pixel

To install this security patch on your Pixel, head to Settings > System > Software update. When the update is available, you can follow the on-screen instructions to install it. Alternatively, you can ask Google Assistant to "Update my phone now."