We live in interesting times. For the third month running, Google has confirmed the bad news that Android phones are under attack, as another routine monthly security release turns into an emergency update-now warning. There is one critical difference this time though, with major implications for both Pixel and Samsung.
“There are indications,” Google warns, that CVE-2024-53150 and CVE-2024-53197 “may be under limited, targeted exploitation.” The first is a memory vulnerability within Android’s kernel, leaving a device exposed to local data exfiltration. If that brings forensic exploits to mind, then the second vulnerability hammers it home. This is another of the flaws known to have been exploited by Cellebrite in Europe.
While Android zero-days may now be the norm, what isn’t the norm is Samsung matching Pixel’s pace in rushing out these updates. Last month, the Galaxy-maker missed one of Android’s exploited fixes yet again. But CVE-2024-50302 from March is included in Samsung’s April update, a month behind Pixel. Much more notably, both of Android’s April fixes are also included in Samsung’s April release. That’s a big deal.
According to Android hardener GrapheneOS, these are “2 more vulnerabilities marked as being exploited in the wild, both vulnerabilities for locked devices,” which its software has “made both far harder to exploit while unlocked.” It says both vulnerabilities “were being exploited by Cellebrite for data extraction from locked Android devices.”
Source: Google’s Android Update—Bad News For Samsung And Pixel Users