Samsung Updates Millions Of Phones—New Warning Issued For All Galaxy Owners

While some Samsung flagships have already received November’s security update, the Galaxy maker has just issued details of what’s in the fix—and perhaps more critically, what’s not. This coincides with Google releasing details of the November Android update, with a warning that two vulnerabilities are under active attack.

Samsung has patched an Android zero-day, CVE-2024-43093, a vulnerability in the Google Play framework that underpins the app infrastructure on devices. This is described “as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to data.”

There are no critical Android updates, albeit 38 high-severity vulnerabilities have been fixed, as well as a high-severity Samsung semiconductor flaw and five high-severity flaws with their own software. Users should update as soon as the software downloads to their devices, dependent as usual on model, region and carrier.

More worryingly is the absence of a fix for CVE-2024-43047, which both Qualcomm and now Google have warned “may be under limited, targeted exploitation.” That fix is absent from the update advisory page—at least for now. Last month, Qualcomm acknowledged “indications from Google Threat Analysis Group that CVE-2024-43047 may be under limited, targeted exploitation,” confirming that fixes were made available to device OEMs in September, urging deployment ASAP.

MORE FOR YOU
Trump Vs. Harris 2024 Polls: Nate Silver's Final Forecast Ends In A Virtual Tie As Harris Closes Gap
Election 2024 Swing State Polls: Trump-Harris Race Deadlocked On Election Eve—As Pennsylvania Still Tied (Updated)
Harris And Trump’s Biggest Celebrity Endorsements: Joe Rogan Endorses Trump, Lady Gaga Backs Harris

I asked Samsung whether this would be fixed in November, given that the manufacturer warns that “some patches to be received from chipset vendors may not be included in the security update package of the month. They will be included in upcoming security update packages as soon as the patches are ready to deliver.”

Samsung told me it “takes security issues very seriously,” and that “we are aware of the report regarding potential vulnerabilities in some of Qualcomm's chipsets and have been working with Qualcomm to address this issue. We have started rolling out security updates since October, but updates may continue being released at a later date, which will vary by network provider or model. We always recommend that users keep their devices up-to-date with the latest software updates.”

As I warned at the time, there is a high risk users will not receive that update until December, the usual month’s delay from Android’s rollout. This is awkward for owners of expensive Galaxy flagships, given Pixels have received the update more quickly. This is becoming something of a regular issue, and should be addressed.

This is made more awkward because the US cybersecurity agency issued a warning last month for all federal phone users to fix the Qualcomm vulnerability by the end of October or stop using their phones. Not possible for Samsung users, even now.

The backdrop to this November update is the welcome news that the forthcoming Galaxy S25 might be the first flagship to bring Google’s seamless updates to users. That makes the update process faster and simpler. In itself it won’t resolve the patchwork quilt of model, region and carrier, but it’s a step in the right direction.

The other backdrop is Android 15, of course, and the continued wait for Samsung’s One UI 7 even in beta form. That is expected this month, perhaps as soon as next week. But the stable release—just like seamless updates, won’t be around until the Galaxy S25 Series launched in 2025.