Google has issued an emergency update for Android phones, warning of critical vulnerabilities (CVE-2024-53150 and CVE-2024-53197) that may be under limited targeted exploitation. The updates include patches for memory vulnerabilities within the operating system’s kernel, leaving devices exposed to local data exfiltration.
Samsung has accelerated its response to these security threats, releasing an update in April that includes all four recently patched Android fixes. This marks a significant improvement over previous months, where Samsung had missed critical security patches.
The updates were released on the same day as Samsung began rolling out its stable One UI 7/Android 15 upgrade to its flagship devices. The new operating system includes additional protections against forensic exploits.
Google’s GrapheneOS software notes that two of these vulnerabilities are particularly concerning, as they target locked devices and can be exploited by Cellebrite for data extraction. However, the inclusion of all four patches in Samsung’s update suggests a significant shift towards prioritizing security. As both Android and iOS continue to face vulnerabilities, it remains unclear how long industry players will take to address these issues.
Source: https://www.forbes.com/sites/zakdoffman/2025/04/08/googles-android-update-bad-news-for-samsung-and-pixel-users