Samsung’s Update for Millions: New Security Warning for Galaxy Users

Samsung’s latest November security update has rolled out for select flagship models, introducing critical fixes while leaving some vulnerabilities unaddressed. This update aligns with Google’s November Android security patch announcement, which included a caution about two actively exploited vulnerabilities.
The primary fix in Samsung’s update addresses CVE-2024-43093, an Android zero-day vulnerability in the Google Play framework. This flaw, classified as a privilege escalation issue, could allow unauthorized access to data through the Android Framework component. The update also tackles 38 high-severity Android vulnerabilities and a high-risk issue within Samsung’s semiconductor software. Users with compatible devices are urged to install the update promptly, as availability depends on the device model, carrier, and region.
However, there is concern surrounding Samsung’s omission of a fix for CVE-2024-43047. This vulnerability, which affects certain Qualcomm chipsets, has been flagged by both Qualcomm and Google as being under targeted, active exploitation. Google’s Threat Analysis Group raised an alert in September, prompting Qualcomm to provide a patch to manufacturers. Unfortunately, Samsung’s advisory page does not mention this critical fix, raising concerns that users may remain exposed to potential security threats.
Samsung’s response to the delay in addressing CVE-2024-43047 has been cautious. The company states that it is “aware of the report regarding potential vulnerabilities in some of Qualcomm’s chipsets” and has been collaborating with Qualcomm to develop a solution. Security updates began in October, but the rollout timing varies by device and carrier, meaning some users may not receive protection until December. Samsung emphasized its commitment to user security, advising users to keep devices updated with the latest patches.
This delay in security patches has sparked frustration among Galaxy users, particularly those with high-end models who expect timely updates. In contrast, Google’s Pixel devices have consistently received patches faster, leaving some Samsung users at a disadvantage. Samsung’s staggered rollout process has created a recurring issue where some Galaxy users experience a one-month lag compared to Pixel users. For US-based federal employees, this issue is even more pressing, as a recent cybersecurity advisory mandated that federal devices with Qualcomm chipsets apply the October fix for CVE-2024-43047 or discontinue use. Unfortunately, this directive is unfeasible for some Samsung users still awaiting the November patch.
In more optimistic news, Samsung’s upcoming Galaxy S25 series, slated for release in 2025, may address this patch lag with Google’s “seamless updates” feature. This new mechanism would simplify the update process by allowing updates to install in the background, without interrupting device usage. While this improvement won’t eliminate regional and carrier-based update delays, it represents a step toward more efficient security patch distribution.
Samsung’s November update also arrives in anticipation of major OS developments, including Android 15 and One UI 7. Samsung has yet to launch a public beta of One UI 7, but it is expected to do so in the coming weeks. However, a stable release of One UI 7 may not be available until the Galaxy S25 series launches. The delayed debut of these seamless updates, combined with the extended wait for One UI 7, highlights the challenges Samsung faces in keeping its flagship models current with the latest software advancements.
In conclusion, while Samsung’s November update addresses several important security vulnerabilities, the delay in patching CVE-2024-43047 underscores the need for a faster and more consistent update process. With the Galaxy S25’s promise of seamless updates, Samsung is moving in the right direction to streamline security patch delivery, ultimately enhancing the safety and user experience for Galaxy device owners.