Wednesday, May 14, 2025

Samsung Security Updates to Mobile Devices to Fix Critical Security Vulnerabilities


Samsung recently rolled out security updates for its mobile devices to fix several critical security vulnerabilities. In September, Samsung published the official changelog listing many of the vulnerabilities addressed in the latest over-the-air (OTA) updates.

The security update contains patches for critical vulnerabilities in many versions of the Android operating system. The update the company has already released covers its Exynos-powered international Galaxy Note 9 model (SM-N960F) with the September 2020 patch.

While the OTA states that the security patch level of compatible Galaxy devices is up to September 1st, 2020, it also includes 15 security fixes specific to Samsung's devices.


Samsung's maintenance update combines Google's patches with those specific to its own smartphones and tablets, which run its customized variant of the OS.

According to reports, the first of Samsung's own fixes in this update addresses a 5G-specific vulnerability. The fix changes the way USB debugging instructions for LTE and 5G commands are handled, which could previously be used without the user's permission.

Most Affecting Vulnerabilities

Of all the vulnerabilities, the most impactful is CVE-2020-0240, a remote code execution vulnerability caused by an "integer overflow" bug in the Android operating system. According to the researchers, this vulnerability would enable a remote attacker to gain full control over the device.

Other vulnerabilities allow user interaction requirements to be bypassed in order to obtain additional permissions. Such a flaw would allow an attacker to run code with higher privileges than it normally would have.

If exploited, the most critical vulnerability in this segment could allow a local malicious application to bypass user interaction requirements and gain access to additional permissions.

Other Vulnerabilities are Fixed in This Update

Framework

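| CVE | Type | Severity | Updated AOSP versions |
|---|---|---|---|
| CVE-2020-0240 | RCE | High | 10 |
| CVE-2020-0238 | EoP | High | 8.0, 8.1, 9, 10 |
| CVE-2020-0257 | EoP | High | 10 |
| CVE-2020-0239 | ID | High | 9, 10 |
| CVE-2020-0249 | ID | High | 8.0, 8.1, 9, 10 |
| CVE-2020-0258 | ID | High | 10 |
| CVE-2020-0247 | DoS | High | 8.0, 8.1, 10 |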

Media Framework

| CVE | Type | Severity | Updated AOSP versions |
|---|---|---|---|
| CVE-2020-0241 | EoP | High | 8.0, 8.1, 9, 10 |
| CVE-2020-0242 | EoP | High | 8.0, 8.1, 9, 10 |
| CVE-2020-0243 | EoP | High | 8.0, 8.1, 9, 10 |

System

| CVE | Type | Severity | Updated AOSP versions |
|---|---|---|---|
| CVE-2020-0108 | EoP | High | 8.1, 9, 10 |
| CVE-2020-0256 | EoP | High | 8.0, 8.1, 9, 10 |
| CVE-2020-0248 | ID | High | 10 |
| CVE-2020-0250 | ID | High | 10 |

Bugs May Still be Exploitable

For Samsung Galaxy devices, the updates started rolling out this week, and the latest "security patch level" is recorded as "2020-08-01." This indicates that the high-severity Escalation of Privileges (EoP) vulnerabilities addressed by the "2020-08-05" security patch level are still exploitable.

One of these, CVE-2020-0259, can enable a locally present attacker to execute arbitrary code with elevated privileges on an unpatched device.

Experts have advised all users to update their Android devices immediately to protect themselves against these bugs, and recommend making sure that the "auto-update" setting is enabled.
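The patch-level gap described above can be audited across a device inventory. The following is an added example, not code from Samsung, Google or the article's author; it assumes the tabled CVEs ship with the 2020-09-01 level and CVE-2020-0259 with the 2020-08-05 level, uses a subset of the tables, and the inventory rows and function names are constructed for illustration.

```python
from datetime import date

# CVE -> (patch level carrying the fix, affected Android versions).
# Assumption read from the article: tabled CVEs ship with 2020-09-01,
# CVE-2020-0259 with 2020-08-05. Subset of the article's tables.
FIXES = {
    "CVE-2020-0240": ("2020-09-01", {"10"}),
    "CVE-2020-0238": ("2020-09-01", {"8.0", "8.1", "9", "10"}),
    "CVE-2020-0247": ("2020-09-01", {"8.0", "8.1", "10"}),
    "CVE-2020-0108": ("2020-09-01", {"8.1", "9", "10"}),
    # Versions are not given on the page: assume every version is affected.
    "CVE-2020-0259": ("2020-08-05", None),
}

def parse_level(text):
    """Parse a YYYY-MM-DD patch level string; return None if malformed."""
    try:
        return date.fromisoformat(text.strip())
    except (ValueError, AttributeError):
        return None

def outstanding(android_version, patch_level):
    """Return the CVEs in FIXES that this device's patch level does not cover."""
    level = parse_level(patch_level)
    if level is None:
        return sorted(FIXES)  # unknown level: treat every fix as missing
    missing = []
    for cve, (required, versions) in FIXES.items():
        affected = versions is None or android_version in versions
        # A device at 2020-08-01 lacks fixes that need 2020-08-05 or later.
        if affected and level < date.fromisoformat(required):
            missing.append(cve)
    return sorted(missing)

# Constructed inventory: (device id, Android version, patch level as reported
# by the ro.build.version.security_patch system property).
INVENTORY = [
    ("dev-a", "10", "2020-08-01"),
    ("dev-b", "10", "2020-09-01"),
    ("dev-c", "9", "2020-08-05"),
    ("dev-d", "10", "unknown"),
]

def audit(inventory):
    """Map each device id to its list of outstanding CVEs."""
    return {dev: outstanding(ver, lvl) for dev, ver, lvl in inventory}

if __name__ == "__main__":
    for dev, cves in audit(INVENTORY).items():
        print(dev, "OK" if not cves else "missing: " + ", ".join(cves))
```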


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
