Go straight to the menu Go straight to the text

Security Post

Notification on Wi-Fi Fragment & Forge vulnerabilities

On 12 May 2021 by Samsung Mobile Security

Overview

A security researcher at New York University AbuDhabi, found several vulnerabilities (a.k.a. Fragment & Forge) in Wi-Fi components affecting a large number of devices with Wi-Fi connectivity. These vulnerabilities could possibly allow an attacker within physical proximity to inspect data traffic protected by the Wi-Fi network, inject their own data packets into a data stream, and cause some denial of service (DoS) attacks to other connected devices.

This vulnerability affects many wi-fi enables devices (e.g. PC, wearables, appliances, routers) including all Samsung devices running Android 8.0 and higher.

Samsung has worked with affected chipset vendor partners to provide patches for affected Samsung devices, starting in March of this year. Devices with an Android Security Patch Level of April 1, 2021 or later will be considered protected from these vulnerabilities. Samsung encourages all users to ensure their devices are updated once the patch becomes available for the devices.

CVE/SVE

  • SVE-2021-20775
  • CVE-2020-24586
  • CVE-2020-24587
  • CVE-2020-24588
  • CVE-2020-26139
  • CVE-2020-26140
  • CVE-2020-26141
  • CVE-2020-26142
  • CVE-2020-26143
  • CVE-2020-26144
  • CVE-2020-26145
  • CVE-2020-26146
  • CVE-2020-26147
  • CVE-2020-11264
  • CVE-2020-11301

Notification on modem vulnerability in Qualcomm chipsets

On 07 May 2021 by Samsung Mobile Security

Overview

Security researchers at Check Point have reported a vulnerability within Qualcomm’s modem chipsets affecting select Samsung devices. The vulnerability disclosed by Check Point may allow a malicious app to gain access to device user information.

Samsung Android devices with Qualcomm chipset are affected by the vulnerability disclosed by Check Point, and Samsung has been releasing patches for affected select Samsung devices since January of 2021.

While a number of Samsung devices have already been patched starting in January of 2021, most Samsung devices with an Android Security Patch Level of May 1, 2021 or later, will be considered protected from the disclosed vulnerability. Samsung encourages all users to ensure their devices are updated once the patch becomes available for the devices.

CVE/SVE

  • CVE-2020-11292

Announcing minimum four (4) years support for Samsung Security Updates

On 22 Feb 2021 by Samsung Mobile Security

As part of our continued commitment to ensure timely protection from security vulnerabilities, Galaxy products launched since 2019, including the Z, S, Note, A, M, XCover and Tab series, will now receive at least four years of security updates delivered on a monthly, quarterly or biannual basis1.

Eligible Galaxy devices include:

  • - Galaxy Foldable devices: Fold, Fold 5G, Z Fold2, Z Fold2 5G, Z Flip, Z Flip 5G
  • - Galaxy S series: S10, S10+, S10e, S10 5G, S10 Lite, S20, S20 5G, S20+, S20+ 5G, S20 Ultra, S20 Ultra 5G, S20 FE, S20 FE 5G, S21 5G, S21+ 5G, S21 Ultra 5G
  • - Galaxy Note series: Note10, Note10 5G, Note10+, Note10+ 5G, Note10 Lite, Note20, Note20 5G, Note20 Ultra, Note20 Ultra 5G
  • - Galaxy A series: A10, A10e, A10s, A20, A20s, A30, A30s, A40, A50, A50s, A60, A70, A70s, A80, A90 5G, A11, A21, A21s, A31, A41, A51, A51 5G, A71, A71 5G, A02s, A12, A32 5G, A42 5G
  • - Galaxy M series: M10s, M20, M30, M30s, M40, M11, M12, M21, M31, M31s, M51
  • - Galaxy XCover series: XCover4s, XCover FieldPro, XCover Pro
  • - Galaxy Tab series: Tab Active Pro, Tab Active3, Tab A 8 (2019), Tab A with S Pen, Tab A 8.4 (2020), Tab A7, Tab S5e, Tab S6, Tab S6 5G, Tab S6 Lite, Tab S7, Tab S7+

For more information, please visit here.

1 Availability of security update support may vary by device and market. Security update availability will depend on factors including but not limited to complexity of the update, hardware specifications, as well as chipset vendor and 3rd party’s support.