While some Samsung flagships have already received the November security updatethe manufacturer of the Galaxy has just released details about the contents of the patch…and perhaps more importantly, what isn’t. This coincides with Google publishing details of the Android November Updatewith a warning that two vulnerabilities are actively attacked.

Samsung has patched an Android Zero-Day, CVE-2024-43093, a vulnerability in the Google Play framework that underpins the app infrastructure on devices. It is describe “as an elevation of privilege vulnerability in the Android Framework component that could result in unauthorized access to data.”

ForbesGmail ‘suddenly’ stops working due to new update failure: here’s what you doBy Zak Doffman

There are no critical updates for Android, although 38 high-severity vulnerabilities have been fixed, as well as one high-severity flaw in Samsung semiconductors and five high-severity vulnerabilities with their own software. Users should update as soon as the software is downloaded to their devices, depending as usual on model, region and carrier.

More concerning is the lack of a patch for CVE-2024-43047, which Qualcomm and now Google say “could be subject to limited and targeted exploitation.” This fix is ​​missing from the update notice page, at least for now. Last month, Qualcomm acknowledged “indications from the Google Threat Analysis Group that CVE-2024-43047 may be subject to limited, targeted exploitation,” confirming that patches have been made available to OEMs. devices in September, calling for deployment as soon as possible.

I asked Samsung if this would be fixed in November, given that the manufacturer warns that “some fixes to be received from chipset vendors may not be included in that month’s security update package.” They will be included in future security update packages as soon as the fixes are ready for delivery.

Samsung told me that it “takes security issues very seriously” and that “we are aware of the report regarding potential vulnerabilities in certain Qualcomm chipsets and have worked with Qualcomm to resolve this issue.” We started rolling out security updates since October, but updates may continue to be released at a later date, which varies by network provider or model. We always recommend users to keep their devices up to date with the latest software updates.

As I warned at the time, there’s a high risk that users won’t receive this update until December, the usual one month since Android rolled out. This is inconvenient for owners of expensive Galaxy flagships, given that the Pixels received the update faster. This is becoming a regular problem and should be fixed.

This is made more troublesome because the US Cybersecurity Agency issued a warning last month for all federal phone users to patch the Qualcomm vulnerability by the end of October or stop using their phones. Not possible for Samsung users even now.

ForbesApple’s next update surprises iPhone users: it completely changes your phoneBy Zak Doffman

The backdrop to this November update is the good news that the upcoming Galaxy S25 could be the first flagship to bring Google’s seamless updates to users. This makes the update process faster and easier. By itself, this won’t solve the model, region, and carrier issue, but it’s a step in the right direction.

The other backdrop is of course Android 15 and the continued wait for Samsung’s One UI 7, even in beta form. It’s planned this month, maybe next week. But the stable version, just like seamless updates, will not be available until the Galaxy S25 series launches in 2025.