Samsung’s July security update has been released, but it has caused concern among Galaxy device users due to the absence of a critical security fix that Google has already addressed in its Pixel devices. This missing fix pertains to a security risk that was serious enough to prompt a US government warning in June. While Samsung’s update does include four other critical Android security warnings, three of these patches address Qualcomm vulnerabilities that were delayed from Android’s June update.
Google has confirmed that the same security risk is affecting Samsung and other Android devices, and while Pixel devices have been patched, Samsung devices have not. This omission in Samsung’s July update is a significant concern, especially considering the severity of the threat.
In addition to the missing Pixel zero-day fix, Samsung’s July update includes other critical Android updates, such as one that addresses an input validation risk. This vulnerability could enable a remote attacker to execute arbitrary code by compromising secure control data on the device, but user interaction is required for triggering this vulnerability.
Another critical vulnerability, CVE-2024-31320, impacts Android’s underlying framework and could lead to local escalation of privilege with no additional execution privileges needed. Google has warned that this vulnerability is serious and should be addressed immediately.
Google has also warned about another vulnerability, CVE-2024-29745, which has only been patched on Pixel devices. This vulnerability is more serious and was fully fixed in April for Pixels, but other devices do not have the protection yet. Because this is a firmware issue, it needs to be patched OEM by OEM, and it could take time.
Pixel users have already received details of their own July release, which includes updates for both software and hardware. While Samsung users are not getting the same timely fixes, Pixel is becoming more integrated and cohesive in its offering, presenting a more direct competition to Samsung. Google’s control of Android’s core AI offerings and Pixel hardware gives it an advantage in the AI security and privacy market.
Samsung users should update their devices as soon as the July update is available for their model, region, and carrier to address the outstanding security issues. Android 15, which is expected to add a raft of new security updates and enhanced user protection, is not too far away.