Samsung’s latest Galaxy S25 devices are now shipping, but owners face a security scare due to the delayed rollout of Android 15 / One UI 7. The US government has ordered federal staffers to update their Android devices by February 26th or power them down, citing a zero-day vulnerability in the kernel.
Google has already released a fix for Pixels, and Samsung dropped its own February security update without addressing the critical CVE-2024-53104 issue. This vulnerability affects how devices handle video frames, making them vulnerable to exploits when connected via physical USB.
While details are scarce, experts warn that this vulnerability could be exploited by malicious actors to execute arbitrary code or cause denial-of-service conditions. Users are advised to update their Linux kernels to address the security flaw.
The situation is particularly concerning for new S25 buyers, as their device appears stuck on December’s release, leaving it exposed to potential threats. Samsung has not yet commented on the timing of its fix, but experts emphasize that a swift resolution is necessary to mitigate the risk.
Zak Doffman, a Forbes security expert, notes that “Samsung needs to act fast” in addressing this issue, as it could impact the device’s appeal and user safety.
Source: https://www.forbes.com/sites/zakdoffman/2025/02/11/samsung-surprises-galaxy-s25-buyers-you-will-miss-deadline