Updates

Samsung September 2020 security patch details, fixes 9 critical issues and more

Posted on

Samsung has already rolled out the September 2020 security patch to some of its smartphones, including the Galaxy Note 20 series. The company has now revealed the details of the September 2020 security patch.

Along with Google security patches, Samsung provides 15 Samsung Vulnerabilities and Exposures (SVE) items, in order to improve customer’s confidence in the security of Samsung Mobile devices.

READ MORE: One UI 3.0: list of eligible Samsung devices that will get the Android 11

In the September 2020 security patch, the company fixed 9 critical vulnerabilities in the Android OS, along with several high and moderate-risk vulnerabilities.

Join our Samsung Channel on Telegram

 

Issues fixed in the September 2020 security patch:

In September 2020 security patch, the company fixed a vulnerability in Cameralyzer allows unauthorized applications to write arbitrary files in SD card area. The Galaxy S9 and Galaxy Note 9 devices running Android 10 were affected with this security issue. The latest patch prevents unauthorized access to Cameralyzer functions. It was first reported on February 11, 2020, which seems to be a high-security issue. Samsung took 7 months to fix this issue.

For the Galaxy S20 and S20+, this September 2020 security patch adds the proper input validation to prevent heap buffer over-read. The issue was first reported on April 2, 2020, and rated as the warning level of this issue is low. Only applicable to the device with S.LSI SMP1500T11 chipset.

In addition, the latest patch fixes a possible arbitrary memory overwrite vulnerability in Quram image codec library that allows arbitrary code execution. The patches add the proper validation of the buffer length. This is applicable for all the Galaxy devices running Android 8 or higher. It was reported on June 17, 2020.

The patch also brings fixes for the Exynos devices running Android 8 or higher for a possible buffer overflow vulnerability in baseband that allows arbitrary code execution. The patch adds the proper validation of the buffer length. The issue was first reported on June 19, 2020.

Finally, the last fix is included for the Exynos and MediaTek devices running Android 10 OS. The patch now allows the execution of debugging command only when users enable the option in Developer options. There was a vulnerability that allowed executing LTE/5G commands via the USB connection without user authentication. It was first reported on March 6, 2020.

Samsung Galaxy devices that have received the September 2020 security patch:

  • Galaxy Note 20
  • Galaxy Note 20 Ultra
  • Galaxy S20
  • Galaxy S20+
  • Galaxy S20 Ultra
  • Galaxy A50
  • Galaxy S10e
  • Galaxy S10
  • Galaxy S10+
  • Galaxy Note 10
  • Galaxy Note 10+
  • Galaxy S9
  • Galaxy S9+
  • Galaxy Note 9
  • Galaxy A51
  • Galaxy A21s
  • Galaxy A70

Must Read

Exit mobile version