What just happened? Samsung has confirmed that a crucial security patch for Galaxy devices will start rolling out as early as August, addressing a critical zero-day vulnerability that has been under active exploitation. This comes as a surprise, as previous estimates suggested the fix could take three months or longer.
The urgency stems from the disclosure of a critical vulnerability (CVE-2024-32896) in June that affected Google's Pixel devices, which was serious enough for the US government to order federal employees to update their Pixels by July 4. Initially believed to be a Pixel-exclusive issue, Google later acknowledged that the flaw extended to all Android devices. However, the specifics of this vulnerability were limited.
In addition to CVE-2024-32896, the security-focused Android project GrapheneOS (which was responsible for the initial disclosure) has warned of another vulnerability. They told Forbes that CVE-2024-29745 is actually the "more serious issue" but has yet to be addressed on Android devices beyond the Pixels. However, Google informed the publication that this vulnerability would need to be chained with additional exploits to pose a significant threat.
CVE-2024-32896 which is marked as being actively exploited in the wild in the June 2024 Pixel Update Bulletin is the 2nd part of the fix for CVE-2024-29748 vulnerability we described here:https://t.co/c4xnnbje04
– GrapheneOS (@GrapheneOS) June 13, 2024
As we explained there, none of this is actually Pixel specific.
Due to the fragmented nature of the Android ecosystem and the need for carriers and manufacturers to validate and customize patches for their respective devices, critical updates can take months to roll out.
However, Samsung's swift response is a welcome development. Given the severity of the vulnerabilities and the potential for exploitation, Samsung users are advised to prioritize installing the August update as soon as it becomes available for their specific models.
While the primary focus of the August update is addressing these zero-day vulnerabilities, Samsung is also expected to include other enhancements and features. Rumors suggest the update may bring significant camera improvements to the Galaxy S24 series and introduce new Galaxy AI features.
In the coming months, Samsung is expected to release the first Android 15-based One UI 7.0 Beta update for the Galaxy S24 and other high-end devices. The stable One UI 7.0 update could potentially roll out to most compatible Galaxy phones and tablets before the end of 2024.