A second flaw, CVE-2024-43093, additionally requires that customers set up the most recent safety replace ASAP. The replace features a patch that addresses a vulnerability discovered within the core Google Play system framework. This flaw, when exploited, might lead to unauthorized entry to Android/information,’ ‘Android/obb, and ‘Android/sandbox’ directories.
Thanks to those two flaws, the U.S. advised authorities employees with a Pixel telephone to show off the system or set up the safety replace by November twenty eighth, Thanksgiving Day within the U.S. The warning got here from the Cybersecurity and Infrastructure Safety Company (CISA) which is a part of the US Division of Homeland Safety (DHS). Although CISA’s warning applies solely to authorities employees, these suggestions are extensively launched to assist different organizations keep present with vulnerabilities that should be patched.
An inventory of Qualcomm Snapdragon chipsets impacted by (CVE)-2024-43047. | Picture credit-Qualcomm
Proper now, for those who personal a Pixel handset, whether or not you’re employed for the federal government or not, you’ll want to set up the safety replace if you have not already. Go to Settings > System > Software program updates > System replace. If a immediate seems for an replace, ensure you observe the instructions to put in it. To be clear, whereas the vulnerabilities are discovered on many Android handsets, solely Pixel fashions have the patch for now.
If you happen to’ve already put in the November replace in your Pixel telephone, you don’t have anything extra to do and you’ve got met CISA’s deadline.
