Samsung has simply launched an replace for its flagship gadgets—this contains two ‘essential’ safety fixes, one in all which is late and needs to be put in urgently….
Samsung’s new replace impacts tens of millions of Galaxy customers
dpa/image alliance through Getty Photographs5/9 replace under; article initially printed 5/7.
Samsung is on a roll, and its flagship Galaxy customers are once more being given an early take a look at the brand new Android month-to-month safety replace virtually as quickly as Google reveals particulars of the pressing fixes being launched this time round.
That mentioned, it’s not all easy operating. One essential repair that Google included in its April safety launch is just simply being made out there by Samsung now—this Qualcomm modem concern may probably result in a reminiscence corruption concern throughout a safe comms “handshake,” and such reminiscence vulnerabilities open doorways to exploitation.
The opposite essential repair for Could impacts the telephone’s change log course of, which may result in “native escalation of privilege with no further execution privileges wanted.”
Particulars—as ever—stay scarce for now, however Google says the essential tag “is predicated on the impact that exploiting the vulnerability may have on an affected system.” Such an assault in isolation would require “platform and repair mitigations” to be off, however vulnerabilities could be exploited as a part of a extra refined chain assault.
Over the approaching days, Galaxy customers will see the updates made out there as per regular—dependent upon area and service. Samsung will give attention to its latest, priciest gadgets first, after which work down the record. Homeowners of older, cheaper gadgets could already be on a quarterly schedule—or worse. You could find particulars right here.
This safety replace is not going to generate many headlines, however its essential fixes, given Samsung’s replace cycle is at present being dominated by the Galaxy AI refresh for older gadgets than its S24 AI hero product.
Samsung has simply confirmed that because it initially “introduced in February that Galaxy AI options, initially launched on flagship S24 merchandise, could be out there on extra Galaxy gadgets by way of a brand new One UI 6.1 replace… 8.8 million customers are downloading and actively utilizing these Galaxy AI capabilities.”
Samsung is aiming for “over 100 million customers to expertise its Galaxy AI options the world over,” because it drives in the direction of the “additional the democratization of cell AI.” However the rather more attention-grabbing information is how its on-device AI providing will evaluate to Apple’s, which is anticipated to be introduced shortly—maybe as quickly as this week, with the anticipated announcement of latest AI-bearing iPads.
The approaching months will see a battle between Apple’s probably device-only AI and Samsung’s “hybrid” various, which mixes system and cloud processing. Samsung has mentioned it desires to “to boost the requirements of safety and privateness on this new period of data-intensive cell experiences,” which is ok when the first competitors is Google and its largely cloud-centric mannequin. Apple can be a special prospect, and AI privateness and safety is about to develop into a key differentiator.
In the meantime, Galaxy house owners ought to guarantee their system updates—routinely or manually—as quickly as the discharge for his or her area and mannequin is offered. Samsung’s personal fixes within the launch are all reasonable, aside from one excessive severity boot loader repair, which solely impacts gadgets utilizing MediaTek chipsets.
One safety concern not seemingly addressed by this month’s replace is the “Soiled Stream” vulnerability that Microsoft warned about late final week. This impacts a number of Android apps with tons of of tens of millions of installs, the place apps receiving information from one other app on a tool could be tricked into executing malware. Particulars of the assault and the mitigations underway could be discovered right here.
In the meantime, the same old month-to-month recommendation applies—preserve your firmware up to date and beware the apps and extensions you put in in your smartphone.
Replace 05/09: Whereas the joy round Samsung’s One UI 6.1 replace continues to construct, with tens of millions all over the world upgrading their Galaxy gadgets with new AI choices, Samsung is already engaged on its subsequent large factor.
As reported by SamMobile, the Galaxy maker “is getting ready for the One UI 7.0 Beta Program for its newest flagship smartphone collection.”
That is being developed round Android 15, which is now in beta. “Samsung appears to have acted upon it and began beta improvement of Android 15-based One UI 7.0 software program internally for the Galaxy S24 collection… Normally, Samsung begins inside improvement of a serious new model of One UI as quickly as Google releases the primary Developer Beta model of Android.”
Android 15 will convey a variety of necessary new safety updates to smartphones all over the world when it releases, because the hole between Android and iPhone narrows. These embody app quarantining and centralized privateness settings, however the spotlight is revolutionary new safety in opposition to telephone monitoring, interception and so-called IMSI grabbing, which pulls system identifiers over the air. Such defenses have by no means been mainstream earlier than—even iPhones don’t at present supply such warnings.
This new advance can be coming to Pixel we’re sure, however the query stays whether or not Samsung will do the identical. It requires a compliant modem and for the telephone’s OS and modem to work collectively to warn when connectivity encryption reduces or when a number of community identification requests are acquired.
What makes this attention-grabbing is Samsung’s strategy to such advances previously. When 2G toggles had been launched in Android to dam probably the most primary type of monitoring and interception, EFF commented that Samsung has not taken any steps to incorporate the 2G toggle from vanilla Android, nor has it indicated that it plans to any time quickly… These failures to behave counsel that Samsung considers its customers’ safety and privateness to be an afterthought. These involved with the safety and privateness of their cell gadgets ought to strongly think about using different {hardware}.”
And so from a safety perspective, how Samsung adopts this new advance—or not— can be of explicit curiosity. With its replace within the works, we’ll quickly know…