1 Android Flaw You NEED to Patch NOW (Pixel Fix Only!) Hackers Wiping Phones?

Google has recently tackled a critical zero-day security issue through its June Pixel Feature Drop, addressing a vulnerability that security experts have been tracking since April. However, this patch is limited to Pixel devices, leaving other Android phones susceptible until the release of Android 15. This flaw, identified as CVE-2024-32896, involves an elevation of privilege (EOP) problem within Android firmware, which was actively exploited before Google identified it, amplifying its seriousness.

1 Android Flaw You NEED to Patch NOW (Pixel Fix Only!): GrapheneOS initially discovered and reported the vulnerability to Google. In response, Google included fixes for 50 security vulnerabilities, including the zero-day flaw, in the Android 14 QPR3 update specifically for Pixel devices. Google strongly advises all Pixel users to promptly install the June update due to evidence suggesting targeted exploitation of the vulnerability. This information was detailed in the Pixel Update Bulletin, emphasizing the critical nature of the issue.

According to GrapheneOS, the vulnerability was exploited by forensic companies using applications such as Wasted and Sentry, aimed at wiping devices when an attack was detected.

The exploit capitalized on two primary issues: inadequate clearing of system memory during fast boot mode and the Android Open Source Project (AOSP) device admin API requiring a reboot-to-recovery for memory erasure. The first issue had already been resolved for Pixel devices, while the second was addressed in the June Pixel Feature Drop.

The reason why only Pixel devices received this fix is because of how Android OEMs manage software updates, which Google doesn’t have complete control over. Consequently, non-Pixel Android devices are still vulnerable to this security flaw until Android 15 is released. This highlights the difficulties in ensuring uniform security standards across the varied Android ecosystem.