We live in interesting times. For the third month running, Google has confirmed the bad news that Android phones are under attack, as another routine monthly security release turns into an emergency “update now” warning. There is one critical difference this time, though, with major implications for both Pixel and Samsung.
“There are indications,” Google warns, that CVE-2024-53150 and CVE-2024-53197 “may be under limited, targeted exploitation.” The first is a memory vulnerability within Android’s kernel, leaving a device exposed to local data exfiltration. If that brings forensic exploits to mind, then the second vulnerability hammers it home. This is another of the flaws known to have been exploited by Cellebrite in Europe.
While Android zero-days may now be the norm, what isn’t the norm is Samsung matching Pixel’s pace in rushing out these updates. Last month, the Galaxy-maker missed one of Android’s exploited fixes yet again. But CVE-2024-50302 from March is included in Samsung’s April update, a month behind Pixel. Much more notably, both of Android’s April fixes are also included in Samsung’s April release. That’s a big deal.
According to Android hardener GrapheneOS, these “2 more vulnerabilities marked as being exploited in the wild [are] both vulnerabilities for locked devices,” which its software “made both far harder to exploit while unlocked.” It says both vulnerabilities “were being exploited by Cellebrite for data extraction from locked Android devices.”
This is critical because Samsung was falling behind in security updates just as the Android world obsesses about its delays on Android OS upgrades as well. With notable timing, these security updates turned up the same day Samsung finally started to roll out its stable One UI 7 / Android 15 upgrade to its 2024 and 2023 flagships.
Yet again this month we have seen forensic exploits patched by one of Android or iPhone, with both global operating systems clearly vulnerable to the deep pockets of an industry primed to break device security. Samsung’s One UI 7 includes new protections against these forensic exploits, and Android 16 looks like it will match iPhone’s non-activity reboot, making such exploits harder. Interesting times indeed.