Samsung’s November Update Addresses Key Vulnerabilities but Misses Critical Qualcomm Patch Under Exploitation

Samsung has started distributing its November security update for Galaxy devices, addressing several significant vulnerabilities, though notably missing a fix for the critical Qualcomm chipset vulnerability CVE-2024-43047, which is reportedly under targeted exploitation.

What’s Included in Samsung’s November Security Patch 

Samsung’s update includes critical fixes, particularly for CVE-2024-43093, a zero-day vulnerability within the Google Play framework. This flaw, classified as a privilege escalation vulnerability, could allow unauthorized data access, making it a priority for devices reliant on Google Play’s infrastructure. Alongside this, Samsung’s update also tackles 38 or high-severity Android vulnerabilities and addresses a high-severity flaw in its semiconductor software. However, while these fixes improve device security, the most pressing Qualcomm vulnerability remains unresolved. 

Missing Qualcomm Vulnerability Patch 

The absence of a patch for CVE-2024-43047 is particularly concerning. This Qualcomm chipset vulnerability, flagged by Google’s Threat Analysis Group as under limited exploitation, could expose device owners to targeted attacks. Qualcomm reportedly supplied the necessary patch to OEMs in September, but Samsung has yet to implement it in this November update. Samsung attributes the delay to receiving patches from chipset vendors, suggesting that this specific vulnerability may not be resolved until a later update, potentially in December.

This delay is frustrating for Samsung Galaxy users, particularly as Google’s Pixel devices have already received a fix, leaving Galaxy owners with security concerns while they wait longer. Moreover, last month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) mandated that federal employees address Qualcomm’s vulnerability or cease using affected devices by the end of October, a timeline Samsung users are unable to meet.

Galaxy S25 and Seamless Updates: A Step Towards Improvement 

In a positive development, the upcoming Galaxy S25 is expected to introduce Google’s seamless updates, streamlining the update process and reducing downtime during installations. While it won’t eliminate the staggered release of updates across regions and models, seamless updates could help Samsung devices receive security fixes more swiftly and reliably in the future. 

Android 15 and Samsung’s One UI 7 

An eagerly awaited update is Samsung’s One UI 7, based on the upcoming Android 15. Although the beta is anticipated to launch soon, likely within November, a stable release may not arrive until early 2025 with the Galaxy S25 launch. This schedule continues the trend of Samsung flagships lagging behind Google’s Pixel devices in adopting the latest Android features. 

Conclusion: Samsung’s Challenge with Timely Updates 

Samsung’s commitment to security is evident in its collaboration with Qualcomm, but recurring delays in integrating critical patches remain a frustration for users, particularly in the face of potential exploits. While the company is taking steps toward improving user experience with seamless updates, the patchwork nature of Android’s security ecosystem remains a challenge for Samsung users, who rely on timely updates to stay protected. Until Samsung can consistently release critical patches promptly, Galaxy users may continue to experience delays, especially for vulnerabilities involving third-party components like Qualcomm chipsets. 
