Samsung says a critical security patch is making its way to Galaxy devices soon

Back in June, we reported that Android devices were hit by a critical vulnerability, prompting Google to release a second installment of a zero-day exploit patch. At the time, it was believed the issue was only limited to Pixel devices, and no other Android devices were affected. However, the CVE-2024-32896 vulnerability, which targets all Android devices, poses a significant security risk, underscoring the urgent need for security patches to address the issue.

Related

Android 15 Beta 4 took a while, but it’s finally hitting devices

After Google announced Android 15 Beta 4 at 2 p.m. ET Thursday, it took a bit over seven hours for the update to start showing up on devices. Following a brief delay, the OTA file and factory images are now available on Google’s developer site as well. The update itself focuses on refinements ahead of a potential August or September stable release, fixing bugs like the issue that bricked some Pixel 6 series phones after factory resetting.

Initially, it was projected that companies would take approximately three months to release patches, and Android phones might have to wait for the Android 15 update to get a fix. However, Samsung has now stepped up with a proactive response. As reported by Forbes, Samsung has confirmed that a critical security patch will be available for Galaxy devices in August. Samsung has also said that the time frame might vary based on network provider and device, but the proactive step is a reassuring sign to Galaxy owners.

Samsung Galaxy devices will receive a critical security patch in August

The CVE-2024-32896 Android vulnerability was labeled as “High Severity” in the Pixel Update Bulletin, underlining the situation’s urgency. Following Google’s release of the fix for its Pixel phones, the US government issued a directive to federal employees to update their devices by July 4 or cease using them due to grave security risks.

In addition to the CVE-2024-32896 vulnerability, the security-focused GrapheneOS ROM also revealed that Android devices are hit with a more severe vulnerability, dubbed CVE-2024-29745. This vulnerability, which was fixed for Pixel devices with the April security patch, poses a significant security risk for non-Pixel Android devices. However, these devices have yet to receive a fix, raising concerns about their security. It remains to be seen if the second vulnerability will be addressed in Samsung’s August patch for Galaxy devices.

While Google first tried to reduce the sensitivity by saying the issue was Pixel-limited, the scope of the vulnerability was much larger and expanded to all Android devices. It’s good to see Samsung has stepped up sooner than other manufacturers to address the security holes. However, the potential concerns about non-Galaxy and non-Pixel devices receiving a fix have yet to be addressed.