Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Samsung to Deliver Monthly Over the Air Security Updates for Android

Samsung to Deliver Regular Security Updates Around Once a Month to Android-based Galaxy Devices

Samsung to Deliver Regular Security Updates Around Once a Month to Android-based Galaxy Devices

Smartphone maker Samsung said on Wednesday that it soon will implement a new Android security update process that fast tracks mobile security patches over the air when security vulnerabilities are uncovered.

The security updates for the popular Android mobile OS will take place regularly about once per month to Galaxy devices, the company said.

The South Korea-based maker of popular Android smartphones said that it recently fast tracked security updates to its Galaxy devices in response to the recent Android “Stagefright” vulnerabilities uncovered late last month by security firm Zimperium.

Samsung Security Updates

Described by Zimperium as the “worst” Android flaws discovered to date, the series of critical remote code execution vulnerabilities allow a malicious actor to compromise an Android device simply by knowing the targeted user’s phone number and sending an MMS message.  

Acknowledging the importance of time sensitivity in addressing major vulnerabilities, the company said that it plans to further develop the process and implement it as a timely and ongoing security update practice.

“With the recent security issues, we have been rethinking the approach to getting security updates to our devices in a more timely manner,” said Dong Jin Koh, EVP of Mobile Research and Development at Samsung Electronics. “Since software is constantly exploited in new ways, developing a fast response process to deliver security patches to our devices is critical to keep them protected. We believe that this new process will vastly improve the security of our devices and will aim to provide the best mobile experience possible for our users.”

Samsung said that it is currently discussing the new approach to addressing security flaws with carriers around the world, noting that more details about the specific models and timelines will be released soon.

In addition to Samsung, Google also said on Wednesday that it has started a new Android monthly security update process for its Nexus devices.

News of the efforts by Google and Samsung is a huge win for Android users. For years, wireless carriers and phone manufacturers have been accused of putting profits over protection and dragging their feet on regular operating system updates, making Android users vulnerable to malware and other attacks.

Related Reading: Carriers Cripple Android, Prioritize Profits Over Protection

*Updated with details on Google issuing updates

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Vulnerabilities

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Vulnerabilities

GoAnywhere MFT users warned about a zero-day remote code injection exploit that can be targeted directly from the internet