- Never mind the December security patches, Samsung haven't even released the November patches yet, the ones for the critical severity RCE. Unless you have a "major flagship model" [1], because apparently only the richest users deserve to be secure.
[1] https://security.samsungmobile.com/securityUpdate.smsb
- No fix yet for Samsung. Being reliant on the hardware manufacturer (or network operator?) for OS updates is the crazy world we live in.
- > This [update] was rushed out to all Pixel users.
Pixel 8 here, still don't have the update. That's... not great.
by RadiozRadioz
3 subcomments
- I'm really struggling to find any concrete information about what this vulnerability actually is. Does anyone know where to look for a good summary?
by baal80spam
4 subcomments
- This requires user action, right? User needs to install the APK by hand? In other words - if I don't install any crap on my phone I am safe?
by charcircuit
2 subcomments
- > But in reality, Samsung (and the other Android OEMs) cannot compete with Google and its unique control over hardware and software.
Yes, they can. We are talking about applying provided security patches to source code, and then releasing a new version of their OS. For patches that have existed for months. The time from patch to release should be on the order of days from receiving the patches to having a validated OS release with the fix being sent to users. It's not the control of Android which makes it possible for Google to patch their Pixel branch of AOSP faster than Samsung can patch their own. It's that Samsung doesn't care about prompt security fixes so they don't allocate engineers to do the work.
- While the information leakage/disclosure is a big issue, it feels like it's still a big jump to get users to install off-Play Store APKs?
by Squeeze2664
3 subcomments
- Is GrapheneOS affected?
by BXLE_1-1-BitIs1
1 subcomments
- I choose not to install any banking app and do my banking in incognito mode so that any malefactor who somehow gets into my device can't see where I bank.
Of course that leaves security in the hands of the browser.
by resist_futility
1 subcomments
- nice list of vulnerabilities and source changes
https://source.android.com/docs/security/bulletin/2025-12-01
- Why anybody would buy a Samsung product at this point I don't understand.
Every single Samsung product I've had to use is actively user hostile. Like a petty kind of hostile.
by VortexLain
0 subcomment
- Closely tying hardware and software instead of using unified OS images like on desktop, together with play "integrity" lock-in are the reasons why there are no security updates and software freedom on the mobile.
by londons_explore
0 subcomment
- > with attacks that can achieve “remote denial of service
Denial of service doesn't sound so bad... Does a reboot of the device solve it?
- My tinfoil hat might be on too tight again... but the timing of this exploit coinciding with Google's full court press on Android user rights is just a little suspect. Especially after the ongoing public education campaign about the evils of "sideloading" an Android application.
- I don't understand why Samsung, with all their money, does not make their own fork so it does not have to rely on Google. I guess that is how they get all their money though. I was inches away from buying a 25+ this week. Glad I did not.
But I mean, why do we only have two choices of OS for phones (I did not include GrapheneOS because it is not easily available for the normie)? That is what is ridiculous. And why, in the US, do I only get three choices of flagship phones when in Asia they have like twenty? I hate this third world country I am living in.
- Forbes as always top notch journalism, what does Samsung have to do with Google updates and why are they indirectly blamed for Samsung's slowness?..
by domoregood
0 subcomment
- https://archive.is/krzUC
- [dead]
by purplehat_
7 subcomments
- [dead]