According to Forbes , this stems from a high-severity software vulnerability in the operating system that could leave devices like the Pixel vulnerable to “targeted, limited exploitation.” While there is a patch for the zero-day vulnerability, it will require access to the settings app to ensure the device is up to date. The US government is requiring employees who do not install the security update before July 4 to “discontinue use of the product.”
Not only Pixel users, but Android phones are also affected by the vulnerability
Google has remained tight-lipped about the actual details of the vulnerability, but the US government’s actions suggest it’s a little more serious than the usual suspects. The advisory only targets Pixel devices, but it appears that the exploit could extend to other Android phones. That means regular users should take note, especially those connecting to corporate servers.
The folks behind GrapheneOS, an Android-based operating system, note that the vulnerability is not specific to Pixel phones. The organization said the fix will be part of any update to Android 15 that will be released in August, and it has not yet been deployed. It is unclear whether there are any workarounds to mitigate the vulnerability.
Meanwhile, the US government’s warning also provides very few details, stating only that “Pixel contains an unspecified firmware vulnerability that allows privilege escalation.” According to GrapheneOS, it is likely that malicious actors could exploit the vulnerability “to obtain operating system memory information.”
Pixel users should update immediately via the Settings app, while other Android phone users should wait. With the US government coming forward, it's possible the vulnerability will be patched soon.
Source: https://thanhnien.vn/google-pixel-dinh-lo-hong-nghiem-trong-185240625145336523.htm
Comment (0)