Samsung's Galaxy S25 Purchasers Encounter Unexpected Time Constraint in Update Release
Erstwhile Samsung enthusiasts, buckle up! The highly anticipated Galaxy S25s has started shipping, while the S24s and S23s are on the brink of receiving an Android 15/One UI 7 upgrade. However, the new OS has experienced numerous delays, but it can't be long now.
Surprisingly, those who've recently purchased the Galaxy S25 find themselves in an unexpected predicament. Last week, the United States Cybersecurity and Infrastructure Security Agency (CISA) advised all federal employees to update their Android devices by February 26th or power them down. This mandate was spurred by Google's warning about a zero-day vulnerability in Android's kernel, currently under active exploitation. Google has quickly released a fix for its Pixel devices, which is now available.
On the other hand, Samsung released its own February security update, but the CVE-2024-53104 fix was absent. It seems plausible that Samsung will release this fix alongside the monthly update or even in March's, although it wasn't included in the bulletin. Previous approaches have demonstrated both options for critical fixes.
CVE-2024-53104 is a severe security issue affecting the way devices manage video frames, leading to memory instability and opening doors for additional exploits. While specifics are sparse, the vulnerability has allegedly been targeted via a physical USB connection, with law enforcement and forensic data grabs appearing the prime suspects.
As Recorded Future warns, "This vulnerability could be exploited by malicious actors to execute arbitrary code or cause denial-of-service conditions. Users are strongly advised to update their Linux kernels to address this security flaw."
The absence of this fix is certainly problematic for all Galaxy users, but it's particularly galling for S25 owners. Although February's update doesn't officially tackle the issue, S25 devices seem to be stuck on December's release, which is far from satisfactory.
Pune News shares this sentiment, stating, “Samsung needs to act fast. The excitement surrounding the [S25’s] speed, camera, and features is palpable, but a serious security concern has emerged that could dampen its appeal. Despite being praised for its performance, the S25 Ultra is still vulnerable to a critical security flaw that could affect users.”
SammyFans echoes these concerns, asserting that "the Galaxy S25 has one big security flaw." The website remarks that with "the Galaxy S25 Ultra still running on the December 2024 security patch," it remains vulnerable, rendering this security patch an urgent matter due to the active exploitation of the vulnerability.
I have reached out to Samsung for insight into the timeframe for the CVE-2024-53104 fix, encompassing both the Galaxy S25s and older flagship devices, with updates to follow here.
- Some Samsung users might consider switching to Google Pixel devices due to the quick fix provided by Google for the Android kernel vulnerability, as Samsung's February update did not include the needed fix for CVE-2024-53104.
- The Samsung Galaxy S25 Ultra, being the latest addition to Samsung's lineup, is particularly affected by the absence of the CVE-2024-53104 fix in its updates. This has led to discussions about Samsung's Android 15/One UI 7 upgrade plan for the S25 series and older flagship devices.
- Comparatively, Google's AI capabilities in Android devices, such as the Pixel series, have been commended for providing timely updates and security patches, creating a contrast between Google and Samsung in handling such vulnerabilities.
- In light of these events, Samsung AI might need to reevaluate its prioritization of security updates to prevent a deceleration in its market share, especially when competing with Google Samsung, which consistently positions strong security features as a selling point for its devices.
