Updated October 30 with an update on Samsung’s head-to-head with the iPhone for global shipments and a potential rebranding, both impacting the premium phone market, more secure. This article was originally published on October 29.

Millions of Samsung Galaxy phones are now at risk of a serious hardware vulnerability – the second such warning in recent weeks. And even if the latest monthly security update fixes one of these threats, the other remains a threat. The US government has asked users to update their phones by Tuesday, October 29. The bad news is that this means the deadline has just arrived before the update. Yes, you need to update your phone, but no, you can’t do that right now.

Both vulnerabilities resulted in active attack warnings. One from Google, which alert Galaxy users who CVE-2024-44068 was targeted as “part of an exploitation chain” alongside other vulnerabilities. This is a “use-after-free” threat to Exynos processors, meaning that memory access is not terminated after processing, with latent pointers remaining. This can be exploited by malicious code. It mainly affects older phones and was fixed by Samsung in its October update.

ForbesApple Unveils “Revolutionary” iPhone Update: Samsung Has a Serious New ProblemBy Zak Doffman

The second alert comes from Qualcomm and affects a wide range of mobile devicesnot just those from Samsung. But given Samsung’s position as the dominant Android OEM, the impact on their install base will be greatest. The issue is the same type of use after free memory vulnerability, and it has also resulted in active attacks.

Earlier this month, Qualcomm acknowledged “indications from the Google Threat Analysis Group that CVE-2024-43047 may be subject to limited, targeted exploitation,” confirming that patches have been made available to Device OEM in September. It urges OEMs to deploy these fixes “to released devices as soon as possible.”

CISA, the US cybersecurity agency, added CVE-2024-43047 to its catalog of known exploited vulnerabilities, warning that “multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP services while retaining the memory cards of the HLOS memory. All federal employees have been instructed to “implement corrective measures or mitigation measures in accordance with the supplier’s instructions” by October 29, “or to cease use of the product if corrective measures or mitigation measures ‘mitigation is not available’.

In simple terms, this means updating or stopping using your phone. There is no update for Samsung phones yet. CVE-2024-43047 was not included in the Android or Samsung October updates, so this deadline is impossible to meet. The issue is widely expected to be fixed in Android’s November security update, but there’s a good chance Samsung Galaxy users will have to wait another month.

Samsung told me it “takes security issues very seriously.” We are aware of the report regarding potential vulnerabilities in certain Qualcomm chipsets and have worked with Qualcomm to resolve this issue. We started rolling out security updates since October, but updates may continue to be released at a later date, which varies by network provider or model. We always recommend users to keep their devices up to date with the latest software updates.

In the meantime, it warns that “some fixes received from chipset vendors may not be included in this month’s security update package.” They will be included in future security update packages as soon as the fixes are ready for delivery.

ForbesGoogle Warns 2 Billion Windows Users: Update Chrome Now as Dangerous Hackers RevealedBy Zak Doffman

So owners of Samsung models, like some Galaxy S23 devices, find themselves in the impossible position of an update deadline they simply cannot meet. Like I said before, just make sure to check out the November update as soon as it releases. In the meantime, vulnerability remains a risk.

The good news for Samsung users could be signs of life for the One UI 7 beta, which finally brings Android 15 to Galaxy phones much later than expected. SamMobile reported that while the company didn’t reveal the beta at its recent developers conference in the United States, “it looks like it might open the beta program at the SDC 2024 event in South Korea in november”. Nothing confirmed yet, but it would spark huge excitement as Android’s biggest OEM receives its biggest security update yet. Theft protection, live threat detection and private spaces could soon be exposed.

Meanwhile, meeting the CISA deadline may not be the only impossible task on Samsung’s immediate to-do list. There’s bad news for the Android OEM in terms of the latest global smartphone shipment statistics, as the company battles Apple in the premium segment – with Google’s Pixel also eroding some of its share of Android market in the most expensive segment and low-cost Chinese products. players are coming in from behind, with cheaper units offering much of the same technology.

ForbesNew warning from Google Play Store: You should stop installing these appsBy Zak Doffman

THE Financial Times reports that “Samsung Electronics is struggling to retain its crown as the world’s best-selling smartphone maker, deepening the growing crisis at South Korea’s largest company.” IDC just released an update on third-quarter smartphone shipments, showing Samsung down 3% year-over-year, from 21% to 18%. “Analysts estimate that the operating profit of its smartphone division fell as much as 30 percent during the same period.” flight reports.

Of course, it’s the iPhone that matters most. This is why Korean media reports suggest “Samsung is reviewing the subdivision of the ‘Galaxy’ smartphone brand, consisting of different ranges.” The idea being that the Galaxy brand would be reserved for the premium flagship handsets that come with iPhones, not the cheaper models.

This could have implications for security as well as AI, which have become two of the defining drivers of the premium segment. While devices are now expected to be supported (i.e. security updates) for six or seven years as standard, the cost and component implications are obvious. The same goes for AI, where on-device processing, powered by privacy, increases construction costs.

“Samsung Electronics has always led global smartphone shipments,” says the Korean. E Today“but sales are gradually decreasing. In addition, it lags behind the iPhone in the premium range, which is important in terms of profitability. In particular, the preference of young consumers for the iPhone is noticeable.”

As I reported earlier in the week, this divide between Samsung and iPhone may well be exacerbated by AI, with Apple’s Private Cloud Compute offering a revolutionary level of security and privacy in the cloud for data processing. off-device AI. If this becomes the logical extension of “what happens on your iPhone stays on your iPhone,” then Samsung will need an answer. Could we consider security and privacy as a differentiator in a more exclusive and premium Galaxy category, perhaps.