This serves as a crucial reminder that the deadline set by the US government for applying this update is rapidly approaching. CISA has issued a warning regarding an unspecified vulnerability in the Android Framework that permits privilege escalation, urging users to "apply mitigations per vendor instructions" by November 28, or to cease using the product if such mitigations are not available. Essentially, users must update their devices by this date or refrain from using them until they do.
While CISA's official directive is directed at federal employees, the agency's scope extends much further, assisting all organizations in effectively managing vulnerabilities and staying abreast of threat developments. It maintains a Known Exploited Vulnerability (KEV) catalog to aid organizations in prioritizing their vulnerability management efforts.
Earlier this month, there was a significant push for Samsung's November security update, with Android Police reporting that "just a day after releasing the November 2024 update for the Galaxy S24, Samsung has rolled out the same security patch for Galaxy S23 users in the US. It's commendable to see Samsung providing updates so swiftly — particularly ahead of Google's own Pixel devices."
There have been instances in the past where the U.S. government has expedited update schedules, whether intentionally or not, requiring fixes to be implemented. Consequently, it is anticipated that all U.S. users with a regular monthly update plan should receive their updates punctually. However, there is an ongoing concern regarding Qualcomm’s zero-day patch from the previous month, which was not included in Samsung’s November release, unlike the updates for Pixel devices. It remains uncertain if this patch has been applied, and the separate deadline set by CISA in October has already been overlooked by all parties. Nevertheless, Samsung has stated that the patch is being distributed to devices, despite its absence from the November security update bulletin.

🛡️ We added 4 CVEs to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec
— CISA Cyber (@CISACyber) November 7, 2024
In response to inquiries about CVE-2024-43047, the company acknowledged the report concerning potential vulnerabilities in certain Qualcomm chipsets and confirmed their collaboration with Qualcomm to resolve the issue. They indicated that security updates began rolling out in October, with additional updates expected to be released at varying times depending on the network provider or device model. Users are encouraged to keep their devices updated with the latest software.
Regarding CISA’s update mandate for November 28, Google issued a warning earlier in the month about CVE-2024-43093, which “may be under limited, targeted exploitation,” although no further details were shared. This vulnerability has been patched across all Android devices, in contrast to CVE-2024-32896, which was initially addressed only for Pixel devices before being extended to all Android OEMs, including Samsung.

{exploited ITW}(CVE-2024-43093)[341680936] App crafts manipulated documentId -> bypasses path restriction in shouldHideDocument() -> unauth access to restricted directories -> reads/modifies sensitive data https://t.co/b91GkU4xb3 https://t.co/x4iyELcNj3 https://t.co/IG51ZWHXxR https://t.co/7uWmGGsNfZ 🤣
— xvonfers (@xvonfers) November 5, 2024
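The tweet above describes the bug only at a high level: a crafted documentId slips past a string-based hiding check and then resolves into a directory it should never reach. As an added illustration of that class of flaw, and not the Android Framework's own code or its actual fix, here is a constructed Python model of a naive prefix check beside a normalising one; ROOT, RESTRICTED_PREFIX and the function names are assumptions.

```python
import posixpath
from typing import Callable, Optional

# Constructed model (not Android's code): a document provider that serves files
# under ROOT but must hide everything inside ROOT/restricted.
ROOT = "/storage/emulated/0"
RESTRICTED_PREFIX = "restricted/"


def should_hide_document_naive(document_id: str) -> bool:
    """Flawed check: inspects only the raw documentId string, so an id such as
    'public/../restricted/x' is not recognised as restricted."""
    return document_id.startswith(RESTRICTED_PREFIX)


def should_hide_document_hardened(document_id: str) -> bool:
    """Normalise the id before deciding, so '..' segments cannot disguise a path
    that actually resolves inside the restricted directory."""
    normalized = posixpath.normpath("/" + document_id).lstrip("/")
    return normalized == "restricted" or normalized.startswith(RESTRICTED_PREFIX)


def resolve_document(document_id: str,
                     should_hide: Callable[[str], bool]) -> Optional[str]:
    """Return the on-disk path for document_id, or None when access is refused.
    The refusal happens either because should_hide() flags the id or because the
    resolved path escapes ROOT entirely."""
    if should_hide(document_id):
        return None
    full = posixpath.normpath(posixpath.join(ROOT, document_id))
    if full != ROOT and not full.startswith(ROOT + "/"):
        return None  # traversal out of the provider root
    return full


if __name__ == "__main__":
    crafted = "public/../restricted/secret.db"  # constructed sample id
    print("naive   :", resolve_document(crafted, should_hide_document_naive))
    print("hardened:", resolve_document(crafted, should_hide_document_hardened))
```

Running the block shows the naive variant handing back a path under the restricted directory while the hardened variant refuses it, which is the property a regression test for this bug class should pin down.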
Zimperium’s 2024 Global Mobile Threat Report highlights that 82% of organizations permit employees to use their own devices (BYOD) within the workplace and connect to corporate systems. This situation elevates the challenges faced by corporate security teams, linking back to the broader implications of CISA’s update mandates.
The vulnerability allows an attacker to gain access to restricted storage on devices, posing a significant risk. This concern is underscored by Zimperium's findings, which indicate that 70% of organizations do not sufficiently secure personal devices used for work, with 90% of successful cyberattacks originating from endpoint devices. Additionally, 71% of employees acknowledge engaging in risky behaviors.
In other news, reports have emerged this week regarding an unexpected Samsung update being rolled out to certain flagship models. According to SammyFans, "Samsung has released an urgent new software update for select Galaxy devices. Many users received a notification on their home screens urging them to install the latest update. While the update appears to be routine, it may contain important enhancements for your Galaxy device."

Urgent new software update for your Samsung Galaxy device? Anyone got this update?
— Samson Sir (@SamsonSirJi) November 18, 2024
In summary, it is crucial to follow CISA's recommendations and deadlines to ensure that all updates are installed on your phone, particularly if you use it for work or connect to company systems. You can verify if your model is eligible for this release here. If it is not, it may be time to consider upgrading to a device with a regular monthly security update schedule.