If you own a Samsung Galaxy mobile, you must apply the April critical update as soon as it becomes available. However, there is some unexpectedly terrible news for millions of customers, which could completely disrupt the functionality of your device.
The usual circus of model, nation, locked/unlocked, and network updates will take place as usual, with the S24 and newer flagships going first and early; budget and older models will have to wait until later in the month. For some, the March upgrades are still pending. This is OK in terms of features, but it poses a serious risk in terms of security fixes.
Not all devices even receive monthly security upgrades, which exacerbates the situation. A harsh surprise awaits millions of S20 owners when their handsets transition to quarterly updates. While they received the March patches, the April ones won’t be available. These gadgets aren’t even eligible for Android’s monthly updates anymore.
Due to the one-stop-shop nature of security upgrades offered by Apple, this arrangement still pales in comparison to the iPhone. To make matters worse, Android phones are still more vulnerable to numerous types of malware. These kinds of alerts have only been released in the past few days.
In addition to standard Android security patches, Samsung also releases its own security upgrades. Four of the Samsung updates are rated as high-risk because they all allow for arbitrary code execution. According to Samsung, this calls for a local attack—that is, direct physical access to the device—rather than a distant malware attack.
One of the Android upgrades is tagged as critical, denoting a “update now” alert. As is customary, no specifics are available at this early time, but it affects the Qualcomm chipset and resolves a memory corruption issue by eliminating a single even listener, which is a code trigger with a narrow focus.
The update for Android states that it has fixed “a system component that could lead to local escalation of privilege with no additional execution privileges needed. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.”
This implies that the danger is not simple to understand and that it needs the device to be functioning abnormally or for a chain of events including the vulnerability to be exploited.
Just for security reasons, you should update; nevertheless, April’s release will attract more attention than normal since it includes the S24 camera fixes and the One UI 6.1 update for eligible devices.
If the update isn’t installed automatically for you, keep an eye out for it and install it as soon as it becomes available, whether it does so seamlessly or not.