Samsung’s latest security update, released earlier this month, suddenly received a sting in the tail. Google has warned that a high-severity vulnerability affecting Samsung’s mobile processors has been exploited.
Samsung describes CVE-2024-44068 as “use after release of a mobile processor,” that is, a use-after-free, which “leads to privilege escalation.” This means that access to memory is not properly shut down after the process terminates, so the memory can still be accessed remotely. According to Google’s Xingyu Jin and Clement Lecigne, this is now “part of the exploit chain.”
This vulnerability by itself does not enable attacks on the device, but when combined with other vulnerabilities, it allows arbitrary code execution on the phone. “This zero-day exploit is part of an EoP chain,” the researchers report. “An attacker can execute arbitrary code in a privileged camera server process.”
This vulnerability affects drivers that handle media acceleration on devices. That is interesting given that, in its October release, Samsung also addressed five critical vulnerabilities affecting Galaxy-specific processes in its Galaxy-specific firmware. Here, too, media processing on the device was affected, specifically the processing of compressed video.
It’s unclear what kind of exploit was discovered or by whom, but given the large number of such attacks discovered by researchers in recent months, it’s possible that it’s related to spyware. Very expensive.
This has already been a difficult week for Samsung and Google’s relationship, at least in tangible ways. As millions of Pixel devices install Android 15 along with heralded security updates, Samsung is lagging behind and will not roll out its own Android 15 upgrade until 2025, around the same time as the launch of the Galaxy S25 series.
Not all is well with Pixel, as device glitches and other initial issues have affected some upgrades, but the new software is generally well received.
Our advice to Samsung Galaxy users is to update as soon as possible. However, the affected Exynos processors (9820, 9825, 980, 990, 850, W920) are used in older devices that do not have monthly support. That might be a reason to upgrade.