{"id":7456,"date":"2025-04-10T09:15:09","date_gmt":"2025-04-10T09:15:09","guid":{"rendered":"https:\/\/www.europesays.com\/uk\/7456\/"},"modified":"2025-04-10T09:15:09","modified_gmt":"2025-04-10T09:15:09","slug":"googles-android-update-bad-news-for-samsung-and-pixel-users","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/uk\/7456\/","title":{"rendered":"Google\u2019s Android Update\u2014Bad News For Samsung And Pixel Users"},"content":{"rendered":"

More bad news for Android users.<\/p>\n

CFOTO\/Future Publishing via Getty Images<\/p>\n

Update: Republished on April 10 with confirmation that cyber attacks are now targeting Android phones with sophisticated new spyware.<\/p>\n

We live in interesting times. For the third month running, Google has confirmed the bad news that Android phones are under attack<\/a>, as another routine monthly security release turns into an emergency update now warning. There is one critical difference this time though, with major implications for both Pixel and Samsung.<\/p>\n

\u201cThere are indications,\u201d Google warns, that CVE-2024-53150 and CVE-2024-53197 \u201cmay be under limited, targeted exploitation.\u201d The first is a memory vulnerability within Android\u2019s kernel, leaving a device exposed to local data exfiltration. If that brings forensic exploits to mind, then the second vulnerability hammers it home. This is another of the flaws known to have been exploited by Cellebrite in Europe.<\/p>\n

ForbesGoogle\u2019s Chrome Upgrade\u2014Stop This Silent Tracking NowBy Zak Doffman<\/a><\/p>\n

While Android zero-days may now be the norm, what isn\u2019t the norm is Samsung matching Pixel\u2019s pace in rushing out these updates. Last month, the Galaxy-maker missed one of Android\u2019s exploited fixes<\/a> yet again. But CVE-2024-50302 from March is included in Samsung\u2019s April update<\/a>, a month behind Pixel. Much more notably, both of Android\u2019s April fixes are also included in Samsung\u2019s April release. That\u2019s a big deal.<\/p>\n

According to Android hardener GrapheneOS<\/a>, these \u201c2 more vulnerabilities marked as being exploited in the wild [are]<\/p>\n

both vulnerabilities for locked devices,\u201d which its software \u201cmade both far harder to exploit while unlocked.\u201d It says both vulnerabilities \u201cwere being exploited by Cellebrite for data extraction from locked Android devices.\u201d<\/p>\n

With perfect timing, the need to ensure Android (and iPhone) phones are always updated when new security fixes are released has been reinforced by a raft of government intel agencies. \u201cIn new advisories,\u201d the cyber wing of the U.K. spy agency<\/a> warned \u201cthe National Cyber Security Centre (NCSC) \u2013 a part of GCHQ \u2013 and agencies in Australia, Canada, Germany, New Zealand and the United States have revealed details about how malicious cyber actors are using two forms of spyware to target individuals.\u201d<\/p>\n

The latest attacks have been attributed to Chinese state affiliated actors, targeting \u201cUyghur, Tibetan and Taiwanese communities as well as civil society groups\u2026 The malicious software \u2013 dubbed MOONSHINE and BADBAZAAR \u2013 hide malicious functions inside otherwise legitimate apps in a technique known as \u2018trojanising\u2019.”<\/p>\n

These trojans hijack a device, accessing microphones, cameras, on device data including messaging and photos, as well as deploying real-time tracking. These kinds of vulnerabilities are being exploited by forensic firms, cybercriminals and state actors. There\u2019s a constant game of cat and mouse with Google, Samsung and other OEMs \u2014 as well as Apple \u2014 to stay ahead, or rather not too far behind.<\/p>\n

ForbesMicrosoft Users Now At Risk\u2014New Update Destroys WindowsBy Zak Doffman<\/a><\/p>\n

But Samsung has been falling behind<\/a> in security updates just as the Android world obsesses about its delays on Android OS upgrades as well. With notable timing, these security updates turned up the same day Samsung finally started to roll out its stable One UI 7 \/ Android 15 upgrade<\/a> to its 2024 and 2023 flagships.<\/p>\n

Yet again this month we have seen forensic exploits patched by one of Android or iPhone, with both global operating systems clearly vulnerable to the deep pockets of an industry primed to break device security. Samsung\u2019s One UI 7 incudes new protections against these forensic exploits and Android 16 looks like it will match iPhone\u2019s non-activity reboot<\/a>, making such exploits harder. Interesting times indeed.<\/p>\n","protected":false},"excerpt":{"rendered":"More bad news for Android users. CFOTO\/Future Publishing via Getty Images Update: Republished on April 10 with confirmation…\n","protected":false},"author":2,"featured_media":7457,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3159],"tags":[4697,4700,4699,4698,547,4696,4692,4695,4694,4693,53,16,15],"class_list":{"0":"post-7456","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-mobile","8":"tag-android-15-samsung","9":"tag-android-16-beta","10":"tag-android-16-leak","11":"tag-android-16-samsung","12":"tag-mobile","13":"tag-pixel-vs-iphone","14":"tag-pixel-warning","15":"tag-samsung-vs-iphone","16":"tag-samsung-vs-pixel","17":"tag-samsung-warning","18":"tag-technology","19":"tag-uk","20":"tag-united-kingdom"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@uk\/114312912796345330","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts\/7456","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/comments?post=7456"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts\/7456\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/media\/7457"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/media?parent=7456"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/categories?post=7456"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/tags?post=7456"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}