With the release of the November Android security update earlier this month, Google let us know that two vulnerabilities were in the process of being actively exploited. To be precise, Google said that two of the flaws fixed in the update “may be under limited, targeted exploitation.” One of the flaws, CVE-2024-43047, is a dangerous flaw impacting certain Qualcomm Snapdragon chipsets. This flaw resulted in a warning from the U.S. government.
On October 8th, Uncle Sam told Android device users working for the government to update their handsets by October 29th or they must stop using their devices. Qualcomm says that it not only sent phone manufacturers the fixes to patch up these vulnerabilities in September, but it told these companies to deploy these patches on released phones as soon as possible. Attackers could obtain arbitrary code with kernel privileges, granting them full control over the affected device.
While Pixel users can install their November security update and receive the patch, the fix will not be found on the November security update for Samsung phones. The patch will be available for a large number of Qualcomm chipsets that have the vulnerability. Flaws like this are the reason why device owners need to take security updates seriously and install them as soon as they are available.
These are the Qualcomm chips affected by the dangerous CVE-2024-43047 vulnerability. | Image credit-Qualcomm
Sure, we’d rather get an update that includes new features and we know how boring a monthly security update can be. But considering what is at risk here, Pixel users should install the November security update right away while owners of Android devices made by Samsung should continue to download the security update each month as soon as they can. Eventually, the patch for CVE-2024-43047 will turn up in the security update for the Android phones released by Samsung.
And don’t forget, Google’s Threat Analysis Group said that CVE-2024-43047 is being exploited albeit on a limited basis. Pixel users, go to Settings > System > System update andfollow the directions to install the security update. Even though the patch isn’t on the November security update for Samsung devices, you need to install it anyway. On Samsung phones go to Settings > Software update > Download and install.