
Samsung April 2020 security patch details


Samsung has already rolled out the April 2020 security patch to some of its smartphones, including the Galaxy S20 series. The company has now revealed the details of the April 2020 security patch.

Along with the Google security patches, Samsung provides fixes for 34 Samsung Vulnerabilities and Exposures (SVE) items, in order to improve customers' confidence in the security of Samsung Mobile devices.


In the April 2020 security patch, the company fixed 14 critical vulnerabilities in the Android OS, along with several high and moderate-risk vulnerabilities.

Issues fixed in the April 2020 security patch:

  • Multiple vulnerabilities in the Fingerprint trustlet, including a possible arbitrary memory overwrite, an uninitialized buffer, and leakage of address information, allow arbitrary code execution. The patch adds proper input validation and buffer initialization, and corrects the implementation of kernel logging.
  • Certain floating icons allow unauthorized access to applications in Secure Folder. The patch adds a proper check for applications with a floating icon.
  • A vulnerability allows access to clipboard contents on a locked device via Google Assistant. The patch removes options for showing editing text from the keyboard while the device is locked.
  • A missing check of the param type in the MLDAP trustlet with TEEGRIS allows arbitrary code execution. The patch adds a proper check of the param type.
  • An invalid input check vulnerability in the MLDAP trustlet with TEEGRIS allows an out-of-bounds read. The patch adds proper boundary check code to prevent the out-of-bounds read.
  • A vulnerability in NFC allows exposure of potentially sensitive information from dumpstate. The patch addresses the logging of transactions from NFC.
  • A vulnerability in recent tasks leaks previews of applications in Secure Folder while the device is locked. The patch addresses the issue in Secure Folder.
  • A lack of status check logic for Lockdown mode in the Edge Lighting application allows notification exposure. The patch adds code to check the Lockdown status in the Edge Lighting application.
  • The Kr00k vulnerability may allow an attacker to decrypt some WPA2-Personal/Enterprise traffic by forcing an AP/client to start using an all-zero encryption key. The patch addresses the issue.

Note: Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Samsung Galaxy devices that have received the April 2020 security patch:

  • Galaxy S20
  • Galaxy S20+
  • Galaxy S20 Ultra
  • Galaxy Note 10
  • Galaxy Note 10+
  • Galaxy Note 10 Lite
  • Galaxy S10e
  • Galaxy S10
  • Galaxy S10+
  • Galaxy Note 9
  • Galaxy Note 8
  • Galaxy S8
  • Galaxy S8+
  • Galaxy A50