The US government has issued a warning and requirements for employees using Samsung Galaxy smartphones in government agencies. Employees utilizing Galaxy smartphones for federal government work have been given a specific deadline to update their devices. This update is intended to address two software vulnerabilities that have been exploited in the real world, according to Google.
In July, federal government employees using Pixel smartphones were required to update their phones by July 4th or discontinue use due to a software bug classified as CVE-2024-32896. This vulnerability had the potential for exploitation with limited targeting. While Google fixed this vulnerability for Pixel phones in the July security patch, it remains present in all Android smartphones, including Galaxy devices.
The US government now requires federal employees who own Galaxy smartphones to update their devices within 21 days or discontinue use. The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on August 7th, which puts the compliance deadline for US federal government employees at August 28th.
This requirement extends beyond government employees to certain organizations that are required to adhere to federal government guidelines. All Galaxy smartphone users are urged to install the August security update as soon as possible, as it is critical for addressing vulnerabilities.
Samsung needs to patch two vulnerabilities, namely CVE-2024-32896 and the more critical CVE-2024-29745, which could allow attackers to escalate privileges and access sensitive work and personal data.