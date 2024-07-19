Summary Samsung is releasing a critical security patch for Galaxy devices in August, addressing the CVE-2024-32896 Android vulnerability.

Google first said the vulnerability is limited to Pixel devices. As it turns out, all Android devices are hit with this vulnerability and need security patches.

Non-Pixel Android devices also face the CVE-2024-29745 vulnerability, raising concerns about their security.

Back in June, we reported that Android devices were hit by a critical vulnerability, prompting Google to release a second installment of a zero-day exploit patch. At the time, it was believed the issue was only limited to Pixel devices, and no other Android devices were affected. However, the CVE-2024-32896 vulnerability, which targets all Android devices, poses a significant security risk, underscoring the urgent need for security patches to address the issue.

Initially, it was projected that companies would take approximately three months to release patches, and Android phones might have to wait for the Android 15 update to get a fix. However, Samsung has now stepped up with a proactive response. As reported by Forbes, Samsung has confirmed that a critical security patch will be available for Galaxy devices in August. Samsung has also said that the time frame might vary based on network provider and device, but the proactive step is a reassuring sign to Galaxy owners.

Samsung Galaxy devices will receive a critical security patch in August

The CVE-2024-32896 Android vulnerability was labeled as "High Severity" in the Pixel Update Bulletin, underlining the situation's urgency. Following Google's release of the fix for its Pixel phones, the US government issued a directive to federal employees to update their devices by July 4 or cease using them due to grave security risks.

In addition to the CVE-2024-32896 vulnerability, the security-focused GrapheneOS ROM also revealed that Android devices are hit with a more severe vulnerability, dubbed CVE-2024-29745. This vulnerability, which was fixed for Pixel devices with the April security patch, poses a significant security risk for non-Pixel Android devices. However, these devices have yet to receive a fix, raising concerns about their security. It remains to be seen if the second vulnerability will be addressed in Samsung's August patch for Galaxy devices.

While Google first tried to reduce the sensitivity by saying the issue was Pixel-limited, the scope of the vulnerability was much larger and expanded to all Android devices. It's good to see Samsung has stepped up sooner than other manufacturers to address the security holes. However, the potential concerns about non-Galaxy and non-Pixel devices receiving a fix have yet to be addressed.