Overview
- Samsung, which began a phased rollout in South Korea on Tuesday, is pushing an April Galaxy update with 47 fixes, including 14 rated critical.
- Google's April bulletin fixes a framework bug (CVE-2026-0049) that can crash devices without any taps on Android 14 to 16.
- It also patches a StrongBox flaw (CVE-2025-48651) in hardware key storage from vendors like NXP or Thales, raising the risk of unauthorized access to protected cryptographic keys.
- Samsung lists four high‑severity bugs in Exynos chips and several Galaxy‑only SVEs, including a Knox Guard bypass and a retail‑mode privilege issue that can be triggered with brief physical access.
- Vendors report no active attacks but urge users to update now, with Pixel owners targeting patch levels 2026-04-01 or 2026-04-05 and Exynos fixes applying only to devices with those chips.