Samsung, the tech giant renowned for its innovative devices, has issued a crucial update for its flagship smartphones, emphasizing the installation of two “critical” security fixes.
Among these fixes, one is notably overdue and necessitates urgent installation.
The belated critical fix, initially part of Google’s April security release, addresses a Qualcomm modem issue that could potentially trigger memory corruption during secure communications “handshake.” Such vulnerabilities pose a significant risk as they could be exploited, compromising device security.
Additionally, the other critical fix unveiled for May addresses vulnerabilities within the phone’s change log process, potentially leading to a “local escalation of privilege with no additional execution privileges needed.”
While specific details remain sparse, Google underscores the severity of these vulnerabilities based on their potential impact on affected devices.
Although exploiting them in isolation might require certain mitigations to be inactive, they could still be exploited as part of a sophisticated chain attack.
Galaxy users can anticipate receiving the updates in the coming days, with availability contingent on region and carrier. Samsung will prioritize its latest flagship devices before extending the updates to older models.
However, users of older or budget-friendly devices may find themselves on a less frequent update schedule.
Despite the critical nature of these fixes, Samsung’s update cycle currently revolves around the Galaxy AI refresh for devices predating its S24 AI flagship.
Notably, Samsung recently disclosed that over 8.8 million users have actively downloaded and engaged with Galaxy AI capabilities since its announcement in February.
The company aims to expand this experience to over 100 million users worldwide, as part of its commitment to democratizing mobile AI.
The impending battle between Apple and Samsung’s AI offerings is poised to intensify, with Apple expected to unveil its AI-bearing iPads imminently.
While Samsung champions a “hybrid” approach combining device and cloud processing, Apple’s likely device-only AI model promises to set new standards for security and privacy.
Amidst these developments, Samsung advises Galaxy owners to promptly update their devices once the release for their region and model becomes available. While Samsung’s fixes in this release are primarily moderate, one high severity boot loader fix specifically targets devices utilizing MediaTek chipsets.
However, one notable security issue left unaddressed in this update is the “Dirty Stream” vulnerability highlighted by Microsoft.
This vulnerability impacts numerous Android apps with widespread installations, underscoring the ongoing importance of firmware updates and vigilance regarding installed apps and extensions on smartphones.
