Samsung’s Galaxy updates – or lack thereof – have been making headlines throughout October. with frustrating delay of One UI 7 and Android 15 confirmed at SDC. There was also a warning from Google that the attacks had exploited vulnerabilities in Samsung’s own chipsetsprompting users to apply the October security update.

ForbesGoogle Warns 2 Billion Windows Users: Update Chrome Now as Dangerous Hackers RevealedBy Zak Doffman

But while Samsung was quick to update the risks with its own Exynos processors in October, the crucial question for Galaxy users will be whether the imminently expected November monthly security release will fix a another vulnerability currently under attack.

This warning affects several Qualcomm chipsets, with the manufacturer informing that “there are indications from the Google Threat Analysis Group that CVE-2024-43047 may be subject to limited and targeted exploitation.” » It says it made fixes available to device OEMs in September and urged them to deploy these fixes “to released devices as soon as possible.” Amnesty has also spoken out on this point, suggesting targeted attacks against journalists, dissidents and activists.

This active exploitation prompted the US cybersecurity agency to add CVE-2024-43047 to its catalog of known exploited vulnerabilities, requiring all federal employees to update their devices. CISA warned that “multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP services while retaining memory maps of HLOS memory.” This type of memory threat occurs when a pointer to a device’s dynamic memory is not cleared properly, leaving it open to manipulation by malicious code to access that memory.

This vulnerability has not been fixed in October releases Android Or Samsungbut it will probably be released in the November Android update. Interestingly, this means that not all users will meet the October 29 CISA update deadline.

The risk for Samsung users is that Qualcomm’s recent updates were only made available to Galaxy users a month after they appeared in Android security. bulletin, which would leave Galaxy devices vulnerable until December. Samsung warns that “some fixes received from chipset vendors may not be included in this month’s security update package.” They will be included in future security update packages as soon as the fixes are ready for delivery. I asked Samsung for confirmation that this particular update would be included in November.

ForbesNew warning from Google Play Store: You should stop installing these appsBy Zak Doffman

When this update is released, you should look for CVE-2024-43047 in the patch list and also have your device on the monthly update schedule. If not, and you have reason to be concerned about spyware or other phone compromises, you should pay close attention to warnings from Google and Amnesty.

The above list of affected chipsets is long, but it will be the different generations of Snapdragon, including Snapdragon 8 (Gen 1), that will be particularly notable, impacting several Samsung devices. You can check if yours is on this list here.