This month, Google ran into trouble with its Pixel updates. CVE-2024-32896 is hidden in dozens of critical runrate updates and Android quarterly feature drops. Google warned that this very serious firmware vulnerability "can be contained and targeted.

Google provided little information about this zero-day — more on that below — but the US government has stepped in and told federal workers to update their Pixel devices by July 4 "or stop using the product." It gives you only ten days to act. The warning is aimed at government agencies, but other companies should do the same and ensure that employees are fully compliant. Individual users should also be careful, especially if they connect their devices to any enterprise system.

The June update comes in the same week that Google published a report on the dangers of freeware in the Play Store, days after Zscaler warned that it had "identified and analyzed more than 90 malicious apps uploaded to the Play Store... with the volume of installs More more than 5.5 million times.

This week, Check Point's cyber team warned that the Android Trojan Rafel was detected in at least 120 malicious campaigns. Although it mainly affects older, unsupported devices, "users of current Android versions should be concerned that this threat can infect a variety of Android versions, from the oldest unsupported versions to the latest."All in all, it is a shocking background for Android users. CISA mandates should be taken seriously by all Pixel owners and updated before the 4th of July holiday if they haven't already. The download should be automatic and a reboot will ensure that it installs completely. You can find a description of how to check how your pixels are updated.