close

Samsung Mobile Security and Cookies

Our site uses essential cookies only. You can read our Privacy Policy and Cookie Policy for more information.

close

Samsung Mobile Security
Cookie Policy

Updated on Jan 17, 2022

This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer
Samsung Electronics (UK) Limited
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

Cookies

Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.

We use the following types of cookies on this website:

Essential Cookies: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided.

Cookie Domain Purpose
JSESSIONID security.samsungmobile.com to keep login session
lastActivityTime security.samsungmobile.com to save the user's last activity time to automatically logout after 30 minutes of inactivity

Managing Cookies and Other Technologies

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org.

Go straight to the menu Go straight to the text
Home>Security Updates>Firmware Updates

Security Updates

2026Open selected window by year

Close selected window by year
January

Disclaimer

  • Please note that in some cases regular OS upgrades may cause delays to planned security updates. However, users can be rest assured the OS upgrades will include up-to-date security patches when delivered.
  • While we are doing our best to deliver the security patches as soon as possible to all applicable models, delivery time of security patches may vary depending on the regions and models.
  • Some patches to be received from chipset vendors (also known as Device Specific patches) may not be included in the security update package of the month. They will be included in upcoming security update packages as soon as the patches are ready to deliver.

Acknowledgements

Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google Patches for the following CVEs from Android Security Bulletin are applied in this Security Maintenance Release - January 2026 Package.

Critical
CVE-2024-43859, CVE-2025-54957

High
CVE-2024-43766, CVE-2025-32348, CVE-2025-48609, CVE-2025-48635, CVE-2026-0007, CVE-2026-0008, CVE-2026-0010, CVE-2026-0011, CVE-2025-20760, CVE-2025-20761, CVE-2025-20762, CVE-2025-20793, CVE-2025-20794, CVE-2025-20795, CVE-2025-47339, CVE-2025-47348, CVE-2025-47388, CVE-2025-47394, CVE-2025-47396

Moderate
None

Already included in previous updates
None

Not applicable to Samsung devices
CVE-2025-47346, CVE-2025-47395


※ Please see Android Security Bulletin for detailed information on Google patches.


Samsung Semiconductor patch is also included in this Security Maintenance Release for the following CVEs:

High
CVE-2025-27807, CVE-2025-49495, CVE-2025-52519, CVE-2025-53966

※ Please see Samsung Semiconductor Product Security Update for detailed information on Samsung Semiconductor patches.


Along with Google patches and Samsung Semiconductor patches, Samsung Mobile provides 30 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Jan-2026 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


High

SVE-2025-1716(CVE-2026-20969)
Affected versions: Selected Android 13, 14, 15, 16 devices
Disclosure status: Privately disclosed
Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability.
The patch adds proper input validation.

SVE-2025-2103(CVE-2026-20971)
Affected versions: Android 13, 14, 15, 16
Disclosure status: Privately disclosed
Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code.
The patch removes unused code.

SVE-2025-2316(CVE-2026-20973)
Affected versions: Android 13, 14, 15, 16
Disclosure status: Privately disclosed
Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory.
The patch adds proper input validation.

SVE-2025-2394(CVE-2026-20974)
Affected versions: Selected Android 13, 14, 15, 16 devices
Disclosure status: Privately disclosed
Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock.
The patch adds proper validation logic.


Moderate

SVE-2025-1183(CVE-2026-20968)
Affected versions: Android 13, 14, 15, 16
Disclosure status: Privately disclosed
Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.
The patch adds proper check logic.

SVE-2025-1990(CVE-2026-20970)
Affected versions: Android 15, 16
Disclosure status: Privately disclosed
Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.
The patch adds proper access control.

SVE-2025-2255(CVE-2026-20972)
Affected versions: Android 13, 14, 15, 16
Disclosure status: Privately disclosed
Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.
The patch adds proper permission.


Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
Lior Keshet of Lucid Bit Labs: SVE-2025-1183, SVE-2025-2103
Ethan Hunt: SVE-2025-1716
Bob Lam: SVE-2025-1990
Martin Heyden: SVE-2025-2255
Brendon Tiszka and Mateusz Jurczyk of Google Project Zero: SVE-2025-2316

Version
VersionDateNotes
1.0January 6, 2026Bulletin published
1.1January 8, 2026CVE List updated
1.2January 9, 2026SVE List updated