Samsung Confirms Early Update For Millions Of Galaxy Users—Here Next Month

Samsung has just confirmed to me that a new update for Galaxy devices is due in August—and it’s important you ensure this is installed as soon as available for your model, region and carrier, because this release is more critical than most.

You might recall the Pixel zero-day vulnerability, which made headlines in June and prompted the US government to mandate all federal employees update their Pixel devices by July 4 or power them down. Initially this was presented as a Pixel-only threat, which Google acknowledged had been exploited in the wild. But then Google backtracked and warned that it actually affects all Android devices, including Samsungs, and that they would work with other manufacturers on a fix.

Last month I was told that a fix could take 3 months or longer. But Samsung has now surprised on the upside and told me that “the target schedule for this fix is August… [albeit] this may vary on network provider and device.” That’s earlier than expected.

Google did not publish any detail on the vulnerability, but GrapheneOS—the team behind the disclosure—told me it was part-two of a fix for a threat first reported in April, which is “being actively exploited in the wild by forensic companies.”

It was only after Pixel’s June release generated headlines and the US cyber agency added the threat to its Known Exploited Vulnerabilities catalog that Google told me that “after further review, this issue does impact Android platform… Pixel devices that have installed the latest security update are protected… we are prioritizing applicable fixes for other Android OEM partners and will roll them out as soon as they are available.” For Samsung users, that is now imminent.

In addition to CVE-2024-32896, Graphene warned that a second vulnerability only fixed for Pixels thus far also impacts other Android devices. “CVE-2024-29745 is the more serious issue,” they told me, “and was fully fixed in April for Pixels, but other devices don’t have the protection yet.” This particular risk impacts OEM firmware and so needs to be fixed manufacturer by manufacturer.

Google also confirmed to me that this second threat impacts Android devices beyond just Pixels, albeit it would need to be chained to other exploits to frame an attack. I have asked Samsung to confirm that this is also being addressed in August.

I have been critical of Samsung for their patchwork quilt approach to updates and for recent delays, but this fix is quicker than I expected and they deserve full credit for that. Given the “zero-day” risk and the US government warning, Samsung users should take especial care that August’s update installs as soon as available.
