Monday, December 23, 2024

Samsung Issues Critical Update For Millions Of Galaxy Users

Updated on June 6 as Samsung withdraws support for certain phones.

Samsung has just issued details of June’s software update for its flagship devices. The release addresses Android and Galaxy vulnerabilities, including one critical fix that should be installed as soon as possible. Importantly, several fixes are missing.

While Samsung’s bulletin excludes three patches from Google’s own update (one has already been made available and two do not apply), that’s not the real issue for users.

Android’s own June update includes three critical Qualcomm fixes not yet listed in Samsung’s release. This might change, but it might also mean a delay in getting these fixes to Samsung devices—as we have seen in recent months. In prior months, the component updates were not provided until the following month’s release.

Qualcomm delivers patches directly to OEMs, and although it says they are “strongly recommended to deploy those patches on released devices as soon as possible,” Samsung warns that “some patches to be received from chipset vendors may not be included in the security update package of the month. They will be included in upcoming security update packages as soon as the patches are ready to deliver.”

Where component updates are genuinely critical, it would be good to see them included within a release, even if that delays it by a few days. The second part of the Android update is not formally released until June 5—including the Qualcomm updates. We will see if they make it into a revised Samsung June release.

Delays are something of a watchword when it comes to Samsung’s monthly release, primarily because of the patchwork quilt schedule that sees different devices, regions and carriers—with different locked/unlocked status—updated separately.

Where Samsung does triumph over Apple is in the longevity of its support offering—at least according to recent headlines. As reported by Android Authority, “Apple finally confirms how long it will support iPhones, and it’s less than Samsung… Apple will support the latest iPhones for at least five years, less than the seven years guaranteed by Samsung and Google.”

The update comes courtesy of Apple’s filing to comply with the UK’s new Product Security and Telecommunications Infrastructure (PSTI) regulations. Apple’s iPhone 15, it says, will be supported for a “minimum 5 years from the first supply date.”

That said, it’s something of a stretch to laud Samsung’s PR-campaigned 7-year offering against Apple’s regulatory filing. iPhones often receive security updates long beyond the five-year mark, and there’s no reason to assume this will change.

As 9to5Mac commented following these latest reports, “iPhones have a strong track record of being used and supported by Apple for periods long past this five year guarantee. For example, iOS 15 shipped a security update this March that runs on the iPhone 6s, a device that’s nearly nine years old.”

Although the site did also point out that “it is peculiar that Apple wouldn’t commit to matching the seven-year guarantees of Samsung and Google, but iPhone users shouldn’t worry about their devices losing security updates at the five-year mark. Apple’s track record shows that it’s better than that.”

While the longevity of software support and security updates has made headlines given Apple’s promised five-year minimum term versus Samsung’s seven, this isn’t a good news story for every user. Separately, Samsung has just completely ended support for three models sold with a significantly shorter support term.

The company’s Galaxy A51 5G, Galaxy A41 and Galaxy M01 were all assured of four-year support when released back in 2000. That term has now expired. And so, as Phone Arena reports, “not only will this trio not receive any more Android updates but starting this month none of these phones will be receiving security updates as well.” That said, there are always exceptions, and “if a very critical vulnerability is discovered, we can’t rule out Sammy taking extraordinary measures by pushing out an update to models that have lost support. It has been done before.”

But if you own one of those devices—the A51 5G—then read on, because before the ink was dry on that end of support news, there was something of a surprising twist. As reported by SamMobile, despite Samsung’s end of support confirmation, “the company is now rolling out a new software update for the smartphone, and it brings the May 2024 security patch, which fixes 45 security issues.”

It seems that Samsung has released the update for “the international variant of the Galaxy A51 5G and to the carrier-locked variant of the phone for the United States which have model numbers SM-516B and SM-516U1.” All told, it’s a confusing picture and it’s hard to pin down the logic, which doesn’t help users making expensive decisions on upgrades to new models.

Again, this doesn’t play especially well against the simplicity offered by other OEMs, and there’s clearly a major risk for users hanging onto relatively new devices that are suddenly cut loose from important updates.

In recent days we have seen reports on the latest dangerous malware-laced apps found on Google’s Play Store. And while such apps are removed once discovered, the risk for users is the sheer number of installs beforehand. A device that doesn’t have the latest defenses is especially vulnerable.

The Zscaler team behind this latest research warns that “we identified and analyzed more than 90 malicious applications uploaded to the Google Play store. These malware-infected applications have collectively garnered over 5.5 million installs.”

That’s a lot of potentially infected devices out in the wild. And the implications can be severe. According to the research team, this latest malware “exfiltrates sensitive banking credentials and financial information from global financial applications. It achieves this through the use of overlay and accessibility techniques, allowing it to intercept and collect data discreetly.”

And so, while it’s important to be sensitive to the economic challenges inherent in upgrading relatively new smartphones, it’s difficult to advocate for anything other than a supported device. And given that Samsung runs a schedule whereby many of its cheaper and older phones drop down to quarterly updates only, that starts to point to the upper end of the range price-wise. Difficult choices for users.

Much more critically, and as I have said before, in a world where Apple and Google can update all users in the same run, it would be good to see Samsung start to do the same. Awkwardly, some lower-level, cheaper Galaxy devices are still getting their May updates even now. And those optics are not especially good when it comes to security.

Although nothing stands out in June’s release, except for those critical, currently missing Qualcomm patches, Google does warn that a number of its own high severity vulnerabilities “could lead to local escalation of privilege with no additional execution privileges needed.” That means an attacker would need physical access to your phone, as opposed to something that can be executed remotely. Thus the rating.

Samsung’s own high-severity patches this month are similar in nature.

With Android 15 currently in beta, heavily focused on security and privacy enhancements and features and set to go head-to-head with iOS 18 in the fall, Samsung’s stilted update approach will continue to stand out, especially as its Galaxy AI battles Apple’s new iPhone AI at the premium end of the market.

As I said last month, when Apple can update all iPhones twice within a fortnight (albeit its own mistake led to the second unplanned update), the optics for Samsung make it seem that the bit-by-bit schedule has maybe had its time.
