Samsung September 2021 Security Patch Details – New Fixes (CVE/SVE)
Though a bit late, Samsung has finally released its September 2021 One UI security patch details alongside the Android patches from Google. As always, the newly published security bulletin lists CVEs at the critical, high and moderate levels as well as Samsung's own SVEs.
According to Samsung's official Firmware Updates support page, the September 2021 security patch comes with fixes for 3 critical, 29 high, and 14 moderate CVEs from Google. In addition, 2 CVEs had already been included in previous updates, while 9 do not apply to Galaxy devices.
Below, you can see the CVEs that will be fixed on your Samsung Galaxy device after upgrading to the September 2021 security patch.
Critical
- CVE-2021-1972, CVE-2021-1976, CVE-2021-0687
High
- CVE-2021-28375, CVE-2020-14381, CVE-2021-0582, CVE-2021-0578, CVE-2021-0579, CVE-2021-0580, CVE-2021-0581, CVE-2021-30261, CVE-2021-30260, CVE-2021-1939, CVE-2021-1947, CVE-2021-1904, CVE-2021-0639, CVE-2019-10581, CVE-2021-0518, CVE-2021-0595, CVE-2021-0683, CVE-2021-0684, CVE-2021-0685, CVE-2021-0688, CVE-2021-0686, CVE-2021-0689, CVE-2021-0690, CVE-2021-0598, CVE-2021-0692, CVE-2021-0428, CVE-2021-0644, CVE-2021-0682, CVE-2021-0693
Moderate
- CVE-2021-0565, CVE-2021-0556, CVE-2021-0562, CVE-2021-0566, CVE-2021-0536, CVE-2021-0537, CVE-2021-0538, CVE-2021-0539, CVE-2021-0547, CVE-2021-0548, CVE-2021-0553, CVE-2021-0549, CVE-2021-0552, CVE-2021-0691
Already included in previous updates
- CVE-2021-3347, CVE-2021-0564
Not applicable to Samsung devices
- CVE-2021-1919, CVE-2021-1916, CVE-2021-1920, CVE-2021-0573, CVE-2021-0574, CVE-2021-0576, CVE-2021-1914, CVE-2021-1978, CVE-2020-3633
Aside from CVE fixes, Samsung also ships its own security fixes for Galaxy devices, tracked as SVEs. This month, the company is bringing fixes for 23 Samsung Vulnerabilities and Exposures (SVE) items, some of which are listed below.
SVE-2021-21619 (CVE-2021-25457): Kernel Information Disclosure in the Vision DSP Kernel Driver
Severity: Moderate
Affected versions: Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipsets
- An improper input validation vulnerability in the DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to obtain limited kernel memory information.
- The patch adds proper input validation in DSP driver.
SVE-2021-21943 (CVE-2021-25450): Path traversal vulnerability in FactoryAirCommandManager
Severity: High
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
- Path traversal vulnerability in FactoryAirCommandManager prior to SMR Sep-2021 Release 1 allows attackers to write files as the system UID via a remote socket.
- The patch addresses incorrect implementation of file path validation check logic.
SVE-2021-22094 (CVE-2021-25449): Arbitrary code execution on mediaextractor process
Severity: Moderate
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
- An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.
- The patch adds proper input check to prevent buffer overflow.
SVE-2021-21959 (CVE-2021-25452): Kernel Permanent Denial of Service Vulnerability in the Vision DSP Kernel Driver
Severity: Moderate
Affected versions: Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipsets
- An improper input validation vulnerability when loading a graph file in the DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform a permanent denial of service on the device.
- The patch adds a proper input check to prevent loading an unintended file in the path.
SVE-2021-21041 (CVE-2021-25453): Leak Bluetooth information through Broadcast in Bluetooth app
Severity: High
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
- Improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted applications to get Bluetooth information.
- The patches add proper access control to prevent Bluetooth information leak.
SVE-2021-21620 (CVE-2021-25458): NULL pointer dereference vulnerability in the ION Driver
Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets
- NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
- The patch adds proper input check to prevent null pointer dereference.
SVE-2021-22602 (CVE-2021-25459): Improper access control in BlockChainService
Severity: Moderate
Affected versions: Select Q(10.0), R(11.0)
- An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.
- The patch adds the proper permission check to prevent improper access to BlockchainTZService.
SVE-2021-22603 (CVE-2021-25460): Improper access control in BlockChainService
Severity: Moderate
Affected versions: Select Q(10.0), R(11.0)
- An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.
- The patch adds the proper permission check to prevent improper access to BlockchainTZService.
SVE-2021-22411 (CVE-2021-25461): APAService Stack Overflow
Severity: Low
Affected versions: O(8.1)
- An improper length check in APAService prior to SMR Sep-2021 Release 1 results in a stack-based buffer overflow.
- The patch adds proper length check in APAService.
SVE-2021-21413 (CVE-2021-25451): Sensitive information disclosure in NetworkPolicyManagerService
Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0)
- A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.
- The patch addresses the intent in NetworkPolicyManagerService to prevent unprivileged access.
SVE-2021-22278 (CVE-2021-25454): OOB read vulnerability in ‘libsaacextractor.so’
Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
- OOB read vulnerability in the libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to cause a remote DoS via a forged AAC file.
- The patch adds length check code in libsaacextractor library.
SVE-2021-22291 (CVE-2021-25455): OOB read vulnerability in ‘libsaviextractor.so’
Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
- OOB read vulnerability in the libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access an arbitrary address through a pointer via a forged AVI file.
- The patch adds length check code in libsaviextractor library.
SVE-2021-22343 (CVE-2021-25456): OOB read vulnerability in ‘libswmfextractor.so’
Severity: Moderate
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
- OOB read vulnerability in the libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at an arbitrary address via a forged WMF file.
- The patch adds length check code in libswmfextractor library.
SVE-2021-21969 (CVE-2021-25462): Null Pointer Dereference vulnerability in the NPU Driver
Severity: Low
Affected versions: P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets
- NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
- The patch adds proper input check to prevent null pointer dereference.
Samsung One UI 3.1.1
Released alongside the Galaxy Z Fold 3 and Galaxy Z Flip 3, the One UI 3.1.1 version is making its way to more and more Galaxy devices through software updates. So far, every flagship smartphone from the company (including older foldables) has started receiving the One UI 3.1.1 features.
What about Android 12 One UI 4?
Late last month, Samsung teased that the Android 12-based One UI 4 Beta is coming soon for Galaxy S21 series smartphone owners in South Korea, the US and Germany. Beta participation had already begun, but the company is yet to deliver the first One UI 4 Beta build to consumers.
November 2024 security update now live for Galaxy Z Flip 5, Fold 5
Samsung has released a new update with the November 2024 security patch for Galaxy Z Flip 5 and Galaxy Z Fold 5 smartphones. The update is available for users in Korea and the company will soon expand it to more countries.
The November 2024 security update for the Samsung Galaxy Z Flip 5 and Galaxy Z Fold 5 arrives with build versions F731NKSU4DXK8 and F946NKSU4DXK8 respectively. It is an initial rollout, so it may take some hours or days to reach all models.
The fresh security patch fixes 52 vulnerabilities in Android and Samsung software. Google has patched 38 high-level issues, and one CVE doesn’t apply to Galaxy devices. Samsung has also addressed 13 issues, including bugs related to multiple users, Dex Mode, Galaxy Watch, and Settings.
This update improves security and device performance by bringing bug fixes and enhancements. Overall, users will get smoother performance after installing the update.
If you have received the update notification, install it now to get a bug-free experience. You can also check for the update by visiting the Settings app on your smartphone and opening the Software Update section.
Now, tap the Download and Install option. If an update is available, follow the on-screen instructions to install it on your Galaxy smartphone.
These foldable smartphones are currently running Android 14-based One UI 6.1.1. They will get the major One UI 7 update, based on Android 15, next year, after the Samsung Galaxy S25 series launch.
Samsung releases November 2024 security update for Galaxy Watch 7
Samsung recently announced the One UI 6 Watch rollout for older Galaxy watches. Now, the company has started rolling out the November 2024 security update for the Samsung Galaxy Watch 7.
The November 2024 security update for the Samsung Galaxy Watch 7 is currently live for users in Korea, and the company will soon expand it to more countries. This update arrives with build version L310XXU1AXK6 and an installation package size of 245.62MB.
The fresh update improves the stability of the Galaxy Watch 7 to provide more reliable performance. It brings some improvements to make the device more secure and stable. Also, it installs the latest Android security patch, released in November 2024, for better security.
By fixing existing issues and enhancing performance, Samsung aims to deliver a smoother and more dependable user experience. Although the update does not introduce new features or changes, it provides a better and smoother performance.
Samsung recommends that Galaxy Watch 7 users install this update to take advantage of the enhanced system stability. By keeping the device updated, users can benefit from the new feature and enhanced security.
To install the update, users need to connect their Galaxy Watch 7 to a smartphone via the Galaxy Wearable app. From there, navigate to Watch Settings, select Watch Software Update, and choose the Download and Install option.
Verizon Galaxy A53, A23 grabbing November 2024 security update [US]
Samsung Galaxy A53 and Galaxy A23 users are receiving the November 2024 security update on Verizon's network in the US. The update is rolling out for locked models, and other carriers could get this update in the coming days or weeks.
Users of the Samsung Galaxy A53 and Galaxy A23 smartphones can verify the November 2024 security update via One UI builds given below:
- Galaxy A53 – A536VSQSEEXJA
- Galaxy A23 – A236VSQS7DXJ5
November 2024 Security Patch Details
The November 2024 security update addresses 52 vulnerabilities across Android and Samsung's software. Google has resolved 38 high-priority issues, while one CVE is not relevant to Galaxy devices.
Samsung’s patches include fixes for 13 vulnerabilities, primarily impacting user profiles, Dex Mode, Galaxy Watch, and certain system features like Settings and Maintenance Mode. This update enhances both the security and performance of Galaxy devices.
How to Update:
Samsung users can check for new software updates manually with a handful of simple steps. First, visit your Galaxy device's "System Settings," then scroll down and tap the "Software update" tab, followed by the "Download and install" button.
One UI 7
The One UI 7 Beta update was announced for release at the end of the year, with a stable release planned for early 2025 along with the Samsung Galaxy S25 series. Reports claim that the Beta Program is about to start in the coming days for the Galaxy S24 series.