Today we’re taking a peek at the first major software update of the year for the Samsung Galaxy smartphone lineup. This update was announced by Samsung as part of the monthly security update program, announced as coming to Galaxy S, Galaxy Fold, Galaxy Note, and a variety of Enterprise Models. This is part of the reason why, if you’re a Samsung phone user that doesn’t normally buy an S or a Note, it might be time to consider a change.*
How do I update my Samsung phone?
Open Settings and scroll all the way to (nearly) the end of the list and find System Updates. Tap System Updates, then find and tap “Check for system updates.” If no software update is available, you’ll either already have the latest update, or you’ll want to check again later in the week to see if the update was made available to you. Sometimes it takes a while to get to every phone – don’t worry!
January 2020 Security Maintenance Release (SMR)
The package released in January of 2020 includes patches from both Samsung and Google, for specific hardware models and for Android in general. While it’s almost always a good idea to accept software updates from your smartphone’s manufacturer, security updates especially, we’re going to take a quick look at some vulnerabilities this update patched, just to see why we’d want this package.
Samsung listed 17 specific “Samsung Vulnerabilities and Exposures (SVE)” items in their January 2020 security software update. That’s 17, not including the patches provided by Google. Google’s provided vulnerability fixes included 35 patches for January alone, plus a couple more that weren’t applicable to Samsung devices.
The list below includes the titles of a set of vulnerabilities patched by the January 2020 security update provided by Samsung for Samsung-made Android smartphones.
January 2020 vulnerabilities patched for Samsung Android devices:
• Brute force attack on screen lock password
• Improper aligned size check leads buffer overflow in secure bootloader
• Stack overflow in the kperfmon driver
• Stack overflow in display driver
• Leakage of cached data in Gallery
• Stack overflow in Baseband
• Kernel stack address leak
• FRP Bypass using AppTray
While there are a total of 17 vulnerabilities patched by Samsung in this newest update, not all were listed by Samsung in the software update notes. This is completely normal when it’s important that a fix be in place on as many devices as possible before potential malicious users are able to exploit those users that’ve not yet gotten said patch.
Phone model dictates update regularity
*Samsung has a security software update program that runs at different intervals depending on phone model. If you have a higher-priced phone, that generally means you get updates more often than Samsung’s wide variety of lower-priced hardware. The exception to this rule seems to be in devices specified as Enterprise Models.
Samsung Galaxy S models currently getting “monthly security updates” from Samsung are as follows: Galaxy S8, Galaxy S8+, Galaxy S8 Active, Galaxy S9, Galaxy S9+, Galaxy S10, Galaxy S10+, Galaxy S10e, Galaxy S10 5G. Samsung also includes the Galaxy Fold in the same list as their Galaxy S devices set for monthly updates.
Samsung includes the following Galaxy Note devices amongst those that currently receive monthly security updates: Galaxy Note8, Galaxy Note9, Galaxy Note10, Galaxy Note10 5G, Galaxy Note10+, Galaxy Note10+ 5G. The only other Galaxy Note device still in the realm of Samsung security support is the Samsung Galaxy Note FE, which appears in a list of Samsung “regular security updates” – that means every once in a while, maybe once a year.
Enterprise Models in the monthly security updates collection by Samsung include: Galaxy A5 (2017), Galaxy A8 (2018), Galaxy A50, Galaxy XCover4s, Galaxy XCover FieldPro. Recent Samsung tablets and a wide variety of Galaxy A, J, and M models appear in the list for Quarterly Security Updates.