Privilege escalation allows an attacker to use the application to collect information coming from device usage.
In June, the US government ordered Pixel owners who work for the federal government to update their phones by July 4 or stop using them. The order was issued because Pixel devices contained a known exploited vulnerability (KEV) in their firmware that allows privilege escalation.
Pixel devices were patched for the CVE-2024-32896 vulnerability with the June update.
The Known Exploited Vulnerabilities list records the vulnerability as CVE-2024-32896 and describes its exploitation as “targeted, with limitations.” Each KEV is a specific vulnerability or bug that affects mobile devices when exploited by a malicious actor. Each is assigned a CVE (Common Vulnerabilities and Exposures) number to help catalog it for software engineers developing patches to fix the vulnerability.
Google reportedly patched the bug on all Pixel models with its June security update, but at the time, CVE-2024-32896 was also a threat on other Android phones, including Samsung's Galaxy phones. Samsung has not yet patched its phones, meaning the bug could still be exploited on Galaxy phones. That's why Samsung said users of its phones should install the August security update when it's released early next month.
The actual release date of the August security update depends on the device, country, and network carrier of each Samsung phone, although it seems likely that the release will happen soon given the threat from the vulnerability.
Galaxy phones will get the CVE-2024-32896 vulnerability fixed with the August update.
Another worrying security flaw that has not yet been patched on all Android phones other than Pixel models is CVE-2024-29745, which is even more dangerous than CVE-2024-32896. Google said it patched this vulnerability for Pixel devices in April. CVE-2024-29745 is believed to need to be combined with another security flaw to cause damage to unpatched Android phones.
CVE-2024-29745 affects firmware released by individual manufacturers and will need to be addressed by individual manufacturers. Hopefully Samsung will include patches for both vulnerabilities in its August security update.
Other Android phones should get patches for both vulnerabilities when the stable versions of Android 15 are released for each phone. Samsung wants its phones patched before Android 15 is released, and it now looks like that will happen, so Galaxy owners should install the August update as soon as it rolls out to their devices.