Samsung Galaxy smartphones receive security update

Chris Burns - Jan 25, 2016

This week the folks at Samsung Mobile have revealed an update that'll be sent automatically to a variety of smartphones around the world. This is part of Samsung's Security Maintenance Release, or SMR, process detailed last year for most of the device maker's hero smartphones. This update is separate from Google Android patches, which come from Google and are sent through each device's individual carrier, where applicable. To get this Samsung update, you need only wait.

While Samsung is not extremely specific about the devices that'll be getting this update, we do have a list of smartphones and tablets that've gotten previous updates. The devices in the list below are likely to get the update as they are, together, the entire Samsung "flagship" collection. Samsung suggests this update will be sent to all of their "flagship" devices.

• Galaxy S5
• Galaxy S6
• Galaxy S6 edge
• Galaxy S6 edge+
• Galaxy Note 4
• Galaxy Note Edge
• Galaxy Note 5
• Galaxy Tab S
• Galaxy Tab S2

If you have one of the devices listed above, you can likely expect a software update to be sent to you automatically. This update is being sent to Samsung devices starting today.

NOTE: This is not the Android 6.0 Marshmallow update. That's different.

This update patches a variety of issues. Each of these issues is listed below, via Samsung's posting SMR-Jan-2016, January 2016.

SVE-2015-4958: msm_sensor_config security issues
Severity: Medium
Affected versions: KK(4.4) and L with APQ8084, MSM8974, and MSM8974pro chipset
Reported on: September 25, 2015
Disclosure status: This issue is publicly known.
A vulnerability using without checking the boundary of buffers can lead to memory corruption.
The applied patch avoids an illegal access to memory by checking the boundary.

SVE-2015-5081: Exposed provider and SQLi in SecEmailSync
Severity: High
Affected versions: L(5.0/5.1)
Reported on: October 10, 2015
Disclosure status: This issue is publicly known.
The combination of allowing unprivileged local applications to access some providers and having SQL injection (SQLi) vulnerability can enable any application to access all messages from ‘SecEmail’.
The supplied patch prevents SQLi vulnerability by changing query code and unprivileged access by restricting the permission.

SVE-2015-5109: Samsung Galaxy S6: android.media.process Face Recognition Memory Corruption (MdConvertLine)
Severity: Critical
Affected versions: KK(4.2/4.3/4.4), L(5.0/5.1)
Reported on: October 7, 2015
Disclosure status: This issue is publicly known.
When a malformed BMP image is scanned by a facial recognition library, it can trigger an arbitrary code execution as overwriting the return address from a stack or a register.
The newly released ‘libfacerecognition’ library includes a defense code for prevention of memory corruption.

SVE-2015-5110: Samsung Galaxy S6: libQjpeg je_free Crash
Severity: Critical
Affected versions: L(5.0/5.1)
Reported on: November 7, 2015
Disclosure status: This issue is publicly known.
A malformed JPEG file can make memory corruption due to a flaw in ‘libQjpeg.so’ and it is possible to be used to exploit vulnerability.
The newly released ‘libQjpeg’ library includes a defense code for prevention of memory corruption.

SVE-2015-5131: FRP/RL Bypass issue by hacking tools
Severity: Critical
Affected versions: All devices supporting FRP/RL
Reported on: November 11, 2015
Disclosure status: This issue is publicly known.
A vulnerability from download mode can reset FRP/RL partition by using ‘Odin’ protocol.
The applied patch is concerned with bootloader which is a confidential part even inside of Samsung.

SVE-2015-5133: IAndroidShm IAPAService service DoS
Severity: Low
Affected versions: KK(4.4), L(5.0/5.1)
Reported on: October 30, 2015
Disclosure status: This issue is publicly known.
A vulnerability without proper exception handling in system services can lead to crash by calling malicious service commands.
The applied patch prevents crash by checking the condition of service commands.


If you wish to try to attain updates on your Samsung Galaxy smartphone or tablet immediately, you can head to settings, go to the bottom of your settings list, and tap the System Update button. Inside you'll find another button to check, and check automatically. This is generally the place you get Google-pushed updates, but you never know, could be magic.


You could also just chill and wait.

That update will come to you eventually.