Google’s Pixel phones are flying off the shelves, and Black Friday deals are attracting even more shoppers to upgrade an old Pixel or upgrade from Android or even an iPhone. And unlike Samsung, the Pixel also has new and interesting security updates for Android 15, which are now generating growing excitement in the market. But whether it’s a new or old device, you need to make sure you update it before November 28.
With all the holiday season activity, it’s easy to forget that Google started November warning that Android devices were under attack and issuing an urgent fix. If that’s not enough, this month’s Android security update also includes a fix for a Qualcomm vulnerability that’s also under attack, this one delayed from October.
Both vulnerabilities led the U. S. cybersecurity firm to require all federal workers to update their phones or turn them off. The deadline to do so is Nov. 28, and while CISA’s mandate is only for government personnel, its warnings apply much more broadly and are published for “each organization to better manage vulnerabilities and keep up with risk activity. “
Google says CVE-2024-43093, a vulnerability in the core framework of the Google Play formula that underpins much of the app infrastructure on devices, opens devices to attacks in what it describes “as a security escalation flaw. ” privileges on the Android framework component which may simply lead to unauthorized access to ‘Android/data’, ‘Android/obb’ and ‘Android/sandbox’ directories and their subdirectories.
It’s now becoming ever clearer that this vulnerability has introduced serious exposure to external storage on phones, with the risk that sensitive data can be stolen from phones, and so it is imperative all users update as soon as possible.
Meanwhile, October’s CVE-2024-43047 prompted Qualcomm to urge Android OEMs to deploy patches “on released devices as soon as possible,” given “indications from Google Threat Analysis Group that it may be under limited, targeted exploitation.” Pixels are lucky here, they will receive the patch when they apply November’s update. This prompted an October CISA mandate missed by all. Unlike Pixels, it wasn’t included in Samsung’s November release, and is being deployed more slowly.
The Pixels are currently the only Android devices with the latest security innovations, at least those that have been updated to Android 15. Live risk detection, where device-based AI reports behaviors, malicious attacks and fraudulent call tracking are priorities for the Pixel. Add them to the existing delays in Samsung’s Android 15/One UI 7, and it’s a good time to side with Google.
In the meantime, make sure you have the November update installed. Two 0-days and a bunch of other fixes, it’s imperative that you update now and don’t miss the deadline.
A community. Many voices. Create a free account to share your thoughts.
Our network aims to connect other people through open and thoughtful conversations. We need our readers to share their perspectives and exchange ideas and facts in one space.
To do this, please comply with the posting regulations in our site’s terms of use. Below we summarize some of those key regulations. In short, civilized.
Your message will be rejected if we realize that it seems to contain:
User accounts will be blocked if we notice or believe that users are engaged in:
So, how can you be a user?
Thank you for reading our Community Guidelines. Read the full list of publishing regulations discovered in our site’s terms of use.