Samsung’s impossible deadline: update your phone within 24 hours

Millions of Samsung Galaxy phones are now at risk from a serious hardware vulnerability, the second such warning in as many weeks. And while the latest monthly security update addresses one of these threats, the other remains unpatched. The US government has advised users to update their phones by Tuesday, October 29th. The bad news is that this means the deadline has just passed before the update is available. Yes, you need to update your phone, but no, you can’t right now.

Both vulnerabilities have triggered active attack alerts. One came from Google, which warned Galaxy users that CVE-2024-44068 was “part of an exploit chain” along with other vulnerabilities. This is a “use-after-free” flaw in Exynos processors, meaning that memory can still be accessed through dangling pointers after it has been freed. This can be exploited by malicious code. It mainly affects older phones and was fixed by Samsung in the October update.

The second warning came from Qualcomm and affected a wide range of mobile devices, not only those from Samsung. But given Samsung’s position as the dominant Android OEM, the impact on its user base will be the greatest. The problem is the same kind of use-after-free memory vulnerability, and this has also led to active attacks.

Earlier this month, Qualcomm acknowledged “indications from Google’s threat intelligence team that CVE-2024-43047 may be subject to limited targeted exploitation,” confirming that patches were made available to device OEMs in September. It urges OEMs to deploy these fixes “to released devices” as soon as possible.

CISA, the US cybersecurity agency, has added CVE-2024-43047 to its Known Exploited Vulnerabilities catalog, warning that “several Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP services while maintaining memory maps of HLOS memory.” All federal employees were instructed to “apply patches or mitigations in accordance with vendor instructions” by Oct. 29, “or discontinue use of the product if patches or mitigations are not available.”

In simple terms, this means updating your phone or ceasing to use it. There are no updates for Samsung phones yet. CVE-2024-43047 was not included in the October Android or Samsung updates, making it impossible to meet this deadline. The issue is expected to be fixed in the November Android security update, but there’s a good chance Samsung Galaxy users will have to wait another month.

I asked Samsung to confirm this will be reviewed in November. However, the company warns that “some patches that will be received from chipset manufacturers may not be included in the security update package of the month. These will be included in upcoming security update packages as soon as the patches are ready for release.”

Thus, owners of Samsung models, just like owners of some Galaxy S23 devices recently, find themselves in an impossible position: they simply cannot meet the update deadline. As I said earlier, be sure to check for the November update as soon as it’s released. Until then, the vulnerability remains a risk.

The best news for Samsung users may be new signs of life in the upcoming One UI 7 beta, which will finally bring Android 15 to Galaxy phones much later than expected. SamMobile just reported that while the company didn’t reveal the beta at its recent US developer conference, “it looks like it may open the beta program at the SDC 2024 event in South Korea in November.”

Nothing is confirmed yet, but if it happens, it will create a huge stir, as the largest Android OEM will receive the biggest security update yet. Theft protection, live threat detection, and Private Space may be introduced soon.