Samsung releases critical update for millions of Galaxy users

Samsung has just released an update for its flagship devices – it includes two “critical” security patches, one of which is overdue and should be installed urgently….

Update 5/9 below; article originally published on 5/7.

Samsung is on the right track, and users of its Galaxy flagship can once again experience a new monthly Android security update almost immediately after Google reveals details of the urgent patches that will be released this time.

That said, not everything is smooth sailing. One critical fix that Google included in its April security release has only now been made available by Samsung – a Qualcomm modem issue could potentially lead to a memory corruption issue when “handshaking” secure communications, and these types of memory vulnerabilities open the door to exploitation .

ForbesElon Musk fact-checked X after surprise news alert

The second critical fix introduced in May affects the phone’s changelog process, which could lead to “local privilege escalation without requiring additional execution privileges.”

Details are, as always, scarce for now, but Google says the critical tag “is based on the possible impact of exploiting the vulnerability on the affected device.” Such an attack in isolation would require disabling “platform and service mitigations,” but the vulnerabilities could be exploited as part of a more sophisticated chain attack.

In the coming days, Galaxy users will receive updates as usual, depending on region and carrier. Samsung will focus on its newest, most expensive devices first and then work its way down the list. Owners of older, cheaper devices may already be on a quarterly schedule – or worse. Details can be found here.

This security update won’t make headlines despite the critical patches, considering Samsung’s update cycle is currently dominated by the Galaxy AI refresh for older devices than its hero S24 AI.

Samsung has just confirmed that since it initially “announced in February that Galaxy AI features, initially introduced on its S24 flagship products, will be available on more Galaxy devices with the new One UI 6.1 update… 8.8 million users are downloading them and actively using them They take advantage of the Galaxy’s artificial intelligence capabilities.

ForbesIs Google Chrome still tracking you?

Samsung aims to “further democratize mobile AI” so that “over 100 million users can experience Galaxy AI features worldwide.” But the much more interesting news is how the AI ​​offerings on devices compare to Apple’s, which is expected to be announced soon – perhaps as early as this week, along with the expected announcement of new AI-equipped iPads.

The coming months will see a battle between Apple’s device-only AI and Samsung’s “hybrid” alternative, which combines on-device and cloud computing. Samsung has said it wants to “raise security and privacy standards in the new era of data-intensive mobile solutions,” which is fine when the main competition is Google and its largely cloud-based model. Apple will be a different prospect, with AI privacy and security becoming a key differentiator.

In the meantime, Galaxy owners should ensure their devices are updated – either automatically or manually – as soon as a version is available for their region and model. All of Samsung’s fixes included in this release are moderate, except for one high-impact boot loader fix that only affects devices using MediaTek chipsets.

One security issue that this month’s update appears not to have addressed is the “Dirty Stream” vulnerability that Microsoft warned about late last week. This affects many Android apps with hundreds of millions of installs, where apps receiving data from another app on the device can be tricked into running malware. Details of the attack and ongoing countermeasures can be found here.

In the meantime, the usual monthly advice applies – keep your firmware updated and be careful with the apps and extensions you install on your smartphone.

ForbesIs your Android smartphone at risk of ‘Dirty Stream’ attack?

Update 05/09: While excitement around Samsung’s One UI 6.1 update continues to build and millions of people around the world update their Galaxy devices with new AI features, Samsung is already working on the next big thing.

As reported SamMobileThe Galaxy manufacturer is “preparing for a One UI 7.0 beta program for its latest flagship smartphone series.”

It is developed around Android 15, which is currently in beta. “It appears that Samsung has responded and started working on a beta version of Android 15-based One UI 7.0 software internally for the Galaxy S24 series… Typically, Samsung starts working on a new major version of One UI internally right after Google releases the first developer Android beta version.

As the gap between Android and iPhone narrows, with the release of Android 15, important new security updates will arrive for smartphones around the world at launch. They include application quarantine and centralized privacy settings, but the main attraction is the new, innovative protection against phone tracking, interception and so-called IMSI interception, which downloads device IDs over the air. Such protections have never been common before – even iPhones don’t offer such warnings these days.

This new solution will be available on Pixel we’re sure, but the question remains whether Samsung will do the same. It requires a compatible modem, and your phone’s operating system and modem work together to alert you if your connection’s encryption level is reduced or you receive multiple network identification requests.

What makes this issue interesting is Samsung’s approach to such advancements in the past. When Android introduced 2G switches to block the most basic form of tracking and interception, EFF commented that Samsung has not taken any steps to enable 2G switching from stock Android, nor has it indicated that it plans to do so in the near future… These omissions suggest that Samsung treats the security and privacy of its users as a secondary concern. People who care about the security and privacy of their mobile devices should strongly consider using other equipment.”

Therefore, from a security point of view, it will be particularly interesting how Samsung will implement this new solution – or not. With an update on the way, we’ll soon find out…