There’s an unusual twist with Samsung’s security update this month, with the October release giving five critical reasons why any Samsung Galaxy phone owner running Android 12, 13 or 14 should update as soon as possible.
In recent months we have gotten used to critical updates coming by way of wider Android vulnerabilities or hardware component patches. And there are two such updates from Qualcomm as well this month, albeit those were part of Android’s September release and are just delayed in making their way onto Samsung devices.
But this time around, the critical new updates address in-house vulnerabilities in Samsung’s own UI. The five CVEs all relate to librtppayload, a system component specific to Samsung phones. The vulnerabilities all allow “remote attackers to execute arbitrary code with system privileges,” albeit some user interaction is required. But that just means tricking users into interacting with an exploit on-screen.
There is no suggestion that any such exploits have been identified as yet, but Galaxy users are urged to update as soon as the October release makes its way onto their devices. As ever, the release will be scheduled by model, region and carrier, with the lower-end devices waiting until later in the month.
All that assumes your device is still eligible for security updates, of course, and across the Android ecosystem there are between 500 and 750 million phones that are not. Samsung phones still under support can receive such updates monthly, quarterly or biannually. Clearly, if you have to wait for a release, your phone is at risk until it comes.
The five critical risks all relate to vulnerabilities in handling compressed video on the device, which open access to parts of the device’s memory that are “out of bounds” of the parameters set for the function itself. Per Samsung’s warning, this opens up the risk of device destabilization or remote code execution.
The good news is that these issues have been fixed, and owners of flagship devices should get the updates quickly. But there’s also bad news for millions of flagship owners, because while Galaxy Z Fold 6 and Galaxy Z Flip 6 phones will get this release, they are not getting Google’s system updates and haven’t since April. And all flagship owners now know they will wait until 2025 for One UI 7 and Android 15.
There may be other, perhaps even more critical updates buried in October’s release as well. Samsung warns that “some SVE (Samsung Vulnerabilities and Exposures) items included in the Samsung Android Security Update cannot be disclosed at this time.”