As always, Samsung launched the June 2021 One UI security patch before changing the calendar month, even ahead of the stock Android, commonly known as Google. The Galaxy S21 series was to first to grab the latest security patch, a week before this month.
Later on, the company expanded this latest security improvement package to more Galaxy devices from different segments and all of the latest and older (eligible) flagship phones have started getting it over the air in various smartphone markets.
Well, the most awaited Samsung June 2021 security bulletin has officially arrived, which includes dozens of new fixes for CVEs from Google and Samsung. At the same time, the company said that it has already fixed some exploits with the previous patches, while some are not applicable for Galaxy devices.
According to the official document, Samsung’s June 2021 security patch update brings fixes for 2 Critical (CVE-2021-0507, CVE-2021-0516), 27 High, and 5 Moderate levels of CVEs to Galaxy phones and tablets. While fixes for 9 new CVEs already included in previous updates and 4 not applicable to Samsung devices.
Samsung Android June 2021 Security Bulletin [New CVE Fixes]
CVE-2021-1891, CVE-2020-11284, CVE-2021-1905, CVE-2021-1915, CVE-2021-1927, CVE-2021-28663, CVE-2021-28664, CVE-2021-0495, CVE-2020-11279, CVE-2020-11273, CVE-2020-11274, CVE-2020-11285, CVE-2020-29661, CVE-2019-2219, CVE-2021-0511, CVE-2021-0521, CVE-2021-0508, CVE-2021-0509, CVE-2021-0510, CVE-2021-0520, CVE-2021-0505, CVE-2021-0506, CVE-2021-0523, CVE-2021-0504, CVE-2021-0517, CVE-2021-0522, CVE-2021-0304
CVE-2021-1906, CVE-2021-0381, CVE-2020-0025, CVE-2021-0385, CVE-2021-0389
Already included in previous updates
CVE-2021-0492, CVE-2021-0491, CVE-2021-0493, CVE-2021-0494, CVE-2021-0497, CVE-2021-0498, CVE-2021-0489, CVE-2021-0490, CVE-2021-0496
Not applicable to Samsung devices
CVE-2021-0467, CVE-2020-11288, CVE-2020-11289, CVE-2021-1910
Samsung Android June 2021 Security Bulletin [New CVE Fixes]
Alongside Google patches, Samsung provides 19 SVE items in order to improve Galaxy device owners’ confidence in security. You can check the list below.
Note: Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.
- SVE-2021-20702 (CVE-2021-25410): Arbitrary file access vulnerability in CallBGProvider
- SVE-2021-20877 (CVE-2021-25413): Possible to access arbitrary content providers
- SVE-2021-20879 (CVE-2021-25414): Possible to theft or overwrite arbitrary files
- SVE-2021-21161 (CVE-2021-25407): Out of bounds write in Samsung NPU driver
- SVE-2021-20641 (CVE-2021-25417): Improper authorization in SDP SDK
- SVE-2021-20984 (CVE-2021-25412): Improper access control in genericssoservice service
- SVE-2021-20948 (CVE-2021-25409): Configure Notification settings without authorization
- SVE-2021-20178 (CVE-2021-25415): Possible remapping RKP memory as writable from EL1
- SVE-2021-20179 (CVE-2021-25416): Possible creating executable kernel page via abusing dynamic load functions
- SVE-2021-20176 (CVE-2021-25411): Vulnerable api in RKP allows attackers to write read-only kernel memory
- SVE-2021-21074 (CVE-2021-25408): Buffer overflow in Samsung NPU driver
STAY CONNECTED WITH US:
Android 15 may speed up webpages loading for apps
Android 15 is the upcoming major update, which will bring new features and some significant improvements over the current version. One of the changes that Android 15 could introduce is the ability to pin Android System WebView into memory, which could speed up the browsing experience.
Android System WebView is a part that allows apps to display web content without opening a separate browser app. Many apps use WebView to access various features, such as showing login screens, help pages, or full articles.
WebView is based on the same code as Google Chrome, but it is updated separately. To save space on the device, Google created a shared library called Trichrome.
According to information (via AndroidPolice), Google may pin the base APK of the trichrome library to memory with Android 15, which means it will not be removed from memory when the user opens a big-size app. This could reduce the loading time of web pages and make the browsing experience smoother.
The feature is currently enabled in Android 15 Developer Preview 1, but it may change or be removed in future versions. Android 15 is expected to be released later this year, with new features and improvements for Android users.
Google temporarily stops Android 15 DP1 downloads amid device corruption bug
Last week, Google rolled out the first developer preview of its next version operating system – Android 15, and the firm now temporarily stopped DP1 downloads amid a device corruption bug. However, this news may disappoint users who were all set to try the new offerings.
According to the details, Google states on its Android Developers page that we’ve temporarily disabled downloads for Android 15 DP1 OTA images. The reason for this abrupt pause happens to be a known issue that shows a Device is corrupted message, which occurs when sideloading OTA images.
However, an issue with sideloading the Developer Preview 1 build can sometimes cause users in trouble, so to maintain reliability, Google pauses the downloads of Android 15 first developer preview until the firm can further troubleshoot the issue.
To work around this issue, Google recommends developers flash a factory image to test devices instead. Simultaneously, this news primarily impacts developers, as this is an early build, and probably not even that much since developers would probably end up flashing their devices anyway.
However, currently, there’s no information available on when the issue will be resolved and downloads will resume, so all you can do is wait, because it’s better to be late than corrupted.
Android 15 might stop some apps from reading notifications with OTP
The countdown for the next iteration of the operating system has begun, as Google already dispatched the first Developer Preview of Android 15. Therefore, the code within Android 15 suggests that Google might stop untrusted apps from reading notifications with OTP.
The QPR3 Beta 1 update of Android 14 shows a new option named RECEIVE_SENSITIVE_NOTIFICATIONS. This permission has a protection level of role signature, which means it can only be granted to applications with the requisite role or to applications that the OEM signs.
While the exact role that grants this permission hasn’t been detailed yet, likely, that Google doesn’t intend to open this permission up to third-party apps. Hence, Google might be planning to crack down on a known Android security attack method with the upcoming OS – Android 15.
Various apps use passkey or enable two-factor authentication. While some forms of two-factor authentication are more secure than others, some platforms only support the most basic methods, wherein your one-time passwords (OTPs) are sent via email or text.
These methods are convenient since they don’t require additional setup, but they are also less secure since they’re easier to intercept. So, to reduce the risk of data loss, Android 15 might add a new feature that will stop untrusted apps from reading notifications with OTP.
However, currently, it’s hard to describe which apps will count as an untrusted app but we can say that Android will have many ways to protect users from leaking their 2FA codes to third parties. Like the OTP_REDACTION, which suggests that Google will stop users from leaking their 2FA codes on the lock screen.
While the RECEIVE_SENSITIVE_NOTIFICATIONS permission suggests that Android will stop untrusted apps from reading notifications with 2FA codes.