Google and Samsung Address Critical Android Vulnerabilities Amid Active Exploits

Google's November security update fixes two zero-day vulnerabilities, while Samsung faces delays in patching critical flaws.

Google's November Android security update addresses 51 vulnerabilities, including two actively exploited zero-day flaws: CVE-2024-43047 and CVE-2024-43093.
CVE-2024-43047 is a high-severity use-after-free issue in Qualcomm components, potentially exploited in targeted spyware attacks.
CVE-2024-43093 affects the Android Framework, allowing unauthorized access to app data, and is already patched in some Samsung devices.
Samsung users face delays in receiving the CVE-2024-43047 fix, with a risk of not getting updates until December, impacting Galaxy flagship owners.
The U.S. cybersecurity agency has mandated federal phone users to update their devices due to the Qualcomm vulnerability, highlighting the urgency of these security patches.