Some Pixel users have until the end of Thanksgiving Day to uopdate their phones or turn them off
Google Pixel users need to make sure that they have installed the latest security update no later than November 28th. At the beginning of this month, Google warned Pixel users that their phones were under attack and released an important security patch. You might recall that Common Vulnerabilities and Exposures (CVE)-2024-43047 is a dangerous flaw impacting Qualcomm Snapdragon chips. Google said that this vulnerability was being exploited by attackers on a limited basis.
A second flaw, CVE-2024-43093, also requires that users install the latest security update ASAP. The update includes a patch that addresses a vulnerability found in the core Google Play system framework. This flaw, when exploited, could result in unauthorized access to Android/data,’ ‘Android/obb, and ‘Android/sandbox’ directories.
Thanks to these two flaws, the U.S. told government workers with a Pixel phone to turn off the device or install the security update by November 28th, Thanksgiving Day in the U.S. The warning came from the Cybersecurity and Infrastructure Security Agency (CISA) which is part of the United States Department of Homeland Security (DHS). Even though CISA's warning applies only to government staff, these recommendations are widely released to help other organizations stay current with vulnerabilities that need to be patched.
A list of Qualcomm Snapdragon chipsets impacted by (CVE)-2024-43047. | Image credit-Qualcomm
The reason why CISA is going crazy over these two vulnerabilities is because they could lead attackers to access external storage on Android phones and this could result in the theft of sensitive information stored on these handsets. Originally, CISA ordered that the update be installed in October, but the patch could not be released in time. With the November security update, Pixel handsets received the patch while Samsung and other Android devices did not. Those with a Galaxy phone or another Android model might have to wait until December before getting the update.
Right now, if you own a Pixel handset, whether you work for the government or not, you need to install the security update if you haven't already. Go to Settings > System > Software updates > System update. If a prompt appears for an update, make sure you follow the directions to install it. To be clear, while the vulnerabilities are found on many Android handsets, only Pixel models have the patch for now.
If you've already installed the November update on your Pixel phone, you have nothing more to do and you have met CISA's deadline.
Things that are NOT allowed: