Thursday, March 28, 2024

Samsung Security Updates to Mobile Devices to Fix Critical Security Vulnerabilities

Recently, Samsung has rolled out security updates for its mobile devices to fix some critical security vulnerabilities. In September, Samsung has published the official changelog mentioning many of the vulnerabilities of all the latest over-the-air.

This security update has many vulnerability patches that fix all sought of critical vulnerabilities in many version of Android operating systems. However, the security update that the company has already released covers its Exynos-powered international Galaxy Note 9 model (SM-N960F) with the September 2020 patch.

While the OTA states that the security patch level of cooperative Galaxy devices is up to September 1st, 2020, it involves 15 security fixes, particularly to Samsung’s devices. 

And on the other side, Samsung’s sustaining update joins Google’s patches with those particular to smartphones and tablets, of its customized variant of the OS.

According to the reports, the update that has been launched also implies that the first fix is Samsung’s fixes for a 5G-specific vulnerability. This vulnerability reworks in the manner in which USB debugging instructions concerning LTE and 5G commands can be used without the user’s permission.

Most Affecting Vulnerabilities

Among all the vulnerabilities, the most affecting vulnerability was CVE-2020-0240, it’s a remote code execution vulnerability produced by an “integer overflow” bug in the Android operating system. According to the researchers, this vulnerability would enable a remote attacker to gain full authority over your device.

There are some other vulnerabilities, too, that cover those which enable you to bypass user communication to obtain aerial permission. This vulnerability would allow an attacker to manage code at higher authorities, then it usually would.

However, in the case of exploitation, the most critical vulnerability in this segment could easily allow a confined malicious application to bypass user communication demands to obtain access to additional authorities.

Other Vulnerabilities are Fixed in This Update

Framework

CVETypeSeverityUpdated AOSP versions
CVE-2020-0240RCEHigh10
CVE-2020-0238EoPHigh8.0, 8.1, 9, 10
CVE-2020-0257EoPHigh10
CVE-2020-0239IDHigh9, 10
CVE-2020-0249IDHigh8.0, 8.1, 9, 10
CVE-2020-0258IDHigh10
CVE-2020-0247DoSHigh8.0, 8.1, 10

Media Framework

CVETypeSeverityUpdated AOSP versions
CVE-2020-0241EoPHigh8.0, 8.1, 9, 10
CVE-2020-0242EoPHigh8.0, 8.1, 9, 10
CVE-2020-0243EoPHigh8.0, 8.1, 9, 10

System

CVETypeSeverityUpdated AOSP versions
CVE-2020-0108EoPHigh8.1, 9, 10
CVE-2020-0256EoPHigh8.0, 8.1, 9, 10
CVE-2020-0248IDHigh10
CVE-2020-0250IDHigh10

Bugs May Still be Exploitable

In the case of Samsun Galaxy  devices, the updates started this week, and it has its latest “security patch level” recorded “2020-08-01.” This indicates that the high severity Escalation of Privileges (EoP) vulnerabilities to be determined by the “2020-08-05 security patch” are yet exploitable.

In the case of CVE-2020-0259, this vulnerability can enable a locally present attacker to perform the arbitrary code execution on an unpatched device by increasing all the privileges. 

But, the experts have advised all the users to update their Android devices instantly, so that they can safeguard themselves against these bugs and secure their devices fully, and also recommended users to make sure that the “auto-update” settings have been enabled.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates

Also Read:

BLURtooth – A new Vulnerability Let Attackers to Overwrite the Authentication Keys

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles