Hacker News

Google confirms Android attacks; no fix for most Samsung users

87 points by mohi-kalantari today at 4:32 PM | 69 comments

Comments

ptx today at 7:55 PM

Never mind the December security patches, Samsung haven't even released the November patches yet, the ones for the critical severity RCE. Unless you have a "major flagship model" [1], because apparently only the richest users deserve to be secure.

[1] https://security.samsungmobile.com/securityUpdate.smsb

xnx today at 5:09 PM

No fix yet for Samsung. Being reliant on the hardware manufacturer (or network operator?) for OS updates is the crazy world we live in.

kelnos today at 5:23 PM

> This [update] was rushed out to all Pixel users.

Pixel 8 here, still don't have the update. That's... not great.

RadiozRadioz today at 7:23 PM

I'm really struggling to find any concrete information about what this vulnerability actually is. Does anyone know where to look for a good summary?

londons_explore today at 8:15 PM

> with attacks that can achieve “remote denial of service”

Denial of service doesn't sound so bad... Does a reboot of the device solve it?

baal80spam today at 5:13 PM

This requires user action, right? User needs to install the APK by hand? In other words - if I don't install any crap on my phone I am safe?

charcircuit today at 5:37 PM

> But in reality, Samsung (and the other Android OEMs) cannot compete with Google and its unique control over hardware and software.

Yes, they can. We are talking about applying provided security patches to source code, and then releasing a new version of their OS. For patches that have existed for months. The time from patch to release should be on the order of days from receiving the patches to having a validated OS release with the fix being sent to users. It's not the control of Android which makes it possible for Google to patch their Pixel branch of AOSP faster than Samsung can patch their own. It's that Samsung doesn't care about prompt security fixes so they don't allocate engineers to do the work.

resist_futility today at 5:39 PM

nice list of vulnerabilities and source changes

https://source.android.com/docs/security/bulletin/2025-12-01

Squeeze2664 today at 4:54 PM

Is GrapheneOS affected?

rew0rk today at 5:15 PM

While the information leakage/disclosure is a big issue, it feels like it's still a big jump to get users to install off-Play Store APKs?

purplehat_ today at 5:06 PM

[flagged]

baaron today at 5:34 PM

My tinfoil hat might be on too tight again... but the timing of this exploit coinciding with Google's full court press on Android user rights is just a little suspect. Especially after the ongoing public education campaign about the evils of "sideloading" an Android application.