Announcing up to five (5) years support for Samsung Security Updates on select Galaxy devices
On 10 Feb 2022 by Samsung Mobile Security
As part of our continued commitment to delivering the most up-to-date and secure mobile experience possible, select Galaxy devices within the Galaxy S Series, Z Series, A Series, tablets and Galaxy Watches will now receive up to five years of security updates.
Eligible Galaxy devices with five years of security updates [1] include:
- Galaxy S Series: Galaxy S22, S22+, S22 Ultra as well as Galaxy S21, S21+, S21 Ultra, S21 FE and upcoming S series devices
- Galaxy Z Series: Galaxy Z Fold3, Galaxy Z Flip3 and upcoming Z series devices
- Galaxy A Series: upcoming select A series devices
- Galaxy Tablets: Galaxy Tab S8, S8+, S8 Ultra and upcoming Tab S series devices
- Galaxy Watch: Galaxy Watch4, Galaxy Watch4 Classic and upcoming Galaxy Watch series devices
For more information, please visit here.
[1] Availability of security update support may vary by device and market. Security update availability will depend on factors including but not limited to complexity of the update, hardware specifications, as well as chipset vendor and 3rd party’s support.
Notification on vulnerabilities in Samsung Preloaded Apps
On 16 Jun 2021 by Samsung Mobile Security
Overview
Researchers at Oversecured discovered and reported 17 vulnerabilities ranging from Moderate to High in Samsung-developed apps that are preloaded on Samsung devices. Assuming an attacker-controlled malicious app is installed on the device, these vulnerabilities could allow the attacker to install apps and exfiltrate data such as photos, videos, call logs, contacts, and SMS/MMS by exploiting the vulnerable preloaded apps and using their pre-granted privileges. These attacks are, however, not currently remotely executable, and there have been no known reported issues globally, so users should be assured that their sensitive information was not at risk.
These vulnerabilities affect all Samsung Android devices running Android 8.1 and higher.
Samsung began patching the vulnerabilities immediately, starting in April of 2021, and devices with an Android Security Patch Level of June 1, 2021 or later will be considered protected from 16 of the disclosed vulnerabilities. The one remaining vulnerability, related to Messages (SVE-2021-20903), is expected to be addressed via the July Security Update with an Android Security Patch Level of July 1, 2021.
As these vulnerabilities require an attacker-controlled malicious app to be installed on the device in order to initiate an attack, Samsung strongly encourages users to always download apps from authorized market stores including Galaxy Apps and Google Play store. Users should also make sure to verify the source when downloading apps outside of authorized market stores, and refrain from installing unknown apps.
CVE/SVE
- SVE-2021-20733 (CVE-2021-25356)
- SVE-2021-20636 (CVE-2021-25388)
- SVE-2021-20500 (CVE-2021-25391)
- SVE-2021-20731 (CVE-2021-25393)
- SVE-2021-20690 (CVE-2021-25392)
- SVE-2021-20716 (CVE-2021-25397)
- SVE-2021-20724 (CVE-2021-25390)
- SVE-2021-20877 (CVE-2021-25413)
- SVE-2021-20879 (CVE-2021-25414)
- SVE-2021-20702 (CVE-2021-25410)
- SVE-2021-20601 (CVE-2021-25379)
- SVE-2021-20637 (CVE-2021-25377)
- SVE-2021-20542 (CVE-2021-25404)
- SVE-2021-20612 (CVE-2021-25401)
- SVE-2021-20631 (CVE-2021-25400)
- SVE-2021-20722 (CVE-2021-25440)
- SVE-2021-20903 (CVE-2021-25426)
Notification on Wi-Fi Fragment & Forge (FragAttack) vulnerabilities
On 12 May 2021 by Samsung Mobile Security
Overview
A security researcher at New York University Abu Dhabi found several vulnerabilities (a.k.a. Fragment & Forge or FragAttack) in Wi-Fi components affecting a large number of devices with Wi-Fi connectivity. These vulnerabilities could possibly allow an attacker within physical proximity to inspect data traffic protected by the Wi-Fi network, inject their own data packets into a data stream, and carry out some denial of service (DoS) attacks against other connected devices.
These vulnerabilities affect various Wi-Fi enabled devices (e.g. PC, wearables, appliances, routers) including all Samsung devices running Android 8.0 and higher.
Samsung has worked with affected chipset vendor partners to provide patches for affected Samsung devices, starting in March of this year. Devices with an Android Security Patch Level of April 1, 2021 or later will be considered protected from these vulnerabilities. Samsung encourages all users to ensure their devices are updated once the patch becomes available for the devices.
CVE/SVE
- SVE-2021-20775
- CVE-2020-24586
- CVE-2020-24587
- CVE-2020-24588
- CVE-2020-26139
- CVE-2020-26140
- CVE-2020-26141
- CVE-2020-26142
- CVE-2020-26143
- CVE-2020-26144
- CVE-2020-26145
- CVE-2020-26146
- CVE-2020-26147
- CVE-2020-11264
- CVE-2020-11301
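
The affected Android versions and protecting patch levels stated in the two vulnerability notifications above can be checked against a device's reported properties. The following is an added example, not Samsung's code: it parses `adb shell getprop` output and lists the notifications a device is still exposed to. It assumes the standard Android properties `ro.build.version.release` and `ro.build.version.security_patch` with a numeric release string; the advisory labels and the sample output are constructed for illustration.

```python
import re
from datetime import date

# Thresholds taken from the notifications on this page; labels are illustrative.
ADVISORIES = [
    # (label, minimum affected Android version, patch level that protects)
    ("Preloaded apps (16 of 17 issues)", (8, 1), date(2021, 6, 1)),
    ("Preloaded apps, SVE-2021-20903 (Messages)", (8, 1), date(2021, 7, 1)),
    ("FragAttack (Wi-Fi)", (8, 0), date(2021, 4, 1)),
]

PROP_RE = re.compile(r"^\[([^\]]+)\]: \[([^\]]*)\]$")

def parse_getprop(text):
    """Parse `adb shell getprop` output lines of the form `[key]: [value]`."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def android_version(release):
    """Turn '8.1.0' or '11' into a comparable (major, minor) tuple."""
    parts = [int(p) for p in release.split(".")[:2]]
    return tuple(parts + [0] * (2 - len(parts)))

def open_advisories(props):
    """Return labels of advisories the device is affected by and not yet patched for."""
    version = android_version(props["ro.build.version.release"])
    spl = date.fromisoformat(props["ro.build.version.security_patch"])
    return [label for label, min_ver, fixed in ADVISORIES
            if version >= min_ver and spl < fixed]

# Constructed sample output, not captured from a real device.
SAMPLE = """\
[ro.build.version.release]: [11]
[ro.build.version.security_patch]: [2021-06-01]
[ro.product.model]: [SM-EXAMPLE]
"""

if __name__ == "__main__":
    for label in open_advisories(parse_getprop(SAMPLE)):
        print("still exposed:", label)
```

The patch level is the value the device reports about itself, so this check is only as trustworthy as the firmware it runs on.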