Updates
Samsung September 2021 Security Patch Details – New Fixes (CVE/SVE)
Though a bit late, but Samsung has finally released its September 2021 One UI security patch details alongside the Android patches by Google. As always, the newly published security bulletin brings detailed information including different levels of CVEs such as critical, high and moderate as well as Samsung SVEs.
If we go with Samsung’s official Firmware Updates support page, the September 2021 security patch comes with fixes for 3 critical, 29 high, and 14 moderate CVEs from Google. At the same time, 2 CVEs had already been included in previous updates, while 9 are not applicable on Galaxies.
Below, you can see the CVEs that will be fixed on your Samsung Galaxy device after upgrading to September 2021 security patch.
Critical
- CVE-2021-1972, CVE-2021-1976, CVE-2021-0687
High
- CVE-2021-28375, CVE-2020-14381, CVE-2021-0582, CVE-2021-0578, CVE-2021-0579, CVE-2021-0580, CVE-2021-0581, CVE-2021-30261, CVE-2021-30260, CVE-2021-1939, CVE-2021-1947, CVE-2021-1904, CVE-2021-0639, CVE-2019-10581, CVE-2021-0518, CVE-2021-0595, CVE-2021-0683, CVE-2021-0684, CVE-2021-0685, CVE-2021-0688, CVE-2021-0686, CVE-2021-0689, CVE-2021-0690, CVE-2021-0598, CVE-2021-0692, CVE-2021-0428, CVE-2021-0644, CVE-2021-0682, CVE-2021-0693
Moderate
- CVE-2021-0565, CVE-2021-0556, CVE-2021-0562, CVE-2021-0566, CVE-2021-0536, CVE-2021-0537, CVE-2021-0538, CVE-2021-0539, CVE-2021-0547, CVE-2021-0548, CVE-2021-0553, CVE-2021-0549, CVE-2021-0552, CVE-2021-0691
Already included in previous updates
- CVE-2021-3347, CVE-2021-0564
Not applicable to Samsung devices
- CVE-2021-1919, CVE-2021-1916, CVE-2021-1920, CVE-2021-0573, CVE-2021-0574, CVE-2021-0576, CVE-2021-1914, CVE-2021-1978, CVE-2020-3633
Join Sammy Fans on Telegram
Aside from CVE fixes, Samsung also offers additional security improvements, better known as SVE, especially for the Galaxy consumers. This month, the company bringing repairs for 23 Samsung Vulnerabilities and Exposures (SVE) items. (Some of them mentioned below)
SVE-2021-21619 (CVE-2021-25457): Kernel Information Disclosure in the Vision DSP Kernel Driver
Severity: Moderate
Affected versions: Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipsets
- An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information.
- The patch adds proper input validation in DSP driver.
SVE-2021-21943 (CVE-2021-25450): Path traversal vulnerability in FactoryAirCommandManager
Severity: High
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
- Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.
- The patch addresses incorrect implementation of file path validation check logic.
SVE-2021-22094 (CVE-2021-25449): Arbitrary code execution on mediaextractor process
Severity: Moderate
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
- An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.
- The patch adds proper input check to prevent buffer overflow.
SVE-2021-21959 (CVE-2021-25452): Kernel Permanent Denial of Service Vulnerability in the Vision DSP Kernel Driver
Severity: Moderate
Affected versions: Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipsets
- An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.
- The patch adds proper input check to prevent loading unintended file in path.
SVE-2021-21041 (CVE-2021-25453): Leak Bluetooth information through Broadcast in Bluetooth app
Severity: High
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
- Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.
- The patches add proper access control to prevent Bluetooth information leak.
SVE-2021-21620 (CVE-2021-25458): NULL pointer dereference vulnerability in the ION Driver
Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets
- NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
- The patch adds proper input check to prevent null pointer dereference.
SVE-2021-22602 (CVE-2021-25459): Improper access control in BlockChainService
Severity: Moderate
Affected versions: Select Q(10.0), R(11.0)
- An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.
- The patch adds the proper permission check to prevent improper access to BlockchainTZService.
SVE-2021-22603 (CVE-2021-25460): Improper access control in BlockChainService
Severity: Moderate
Affected versions: Select Q(10.0), R(11.0)
- An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.
- The patch adds the proper permission check to prevent improper access to BlockchainTZService.
SVE-2021-22411 (CVE-2021-25461): APAService Stack Overflow
Severity: Low
Affected versions: O(8.1)
- An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.
- The patch adds proper length check in APAService.
SVE-2021-21413 (CVE-2021-25451): Sensitive information disclosure in NetworkPolicyManagerService
Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0)
- A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.
- The patch addresses the intent in NetworkPolicyManagerService to prevent unprivileged access.
SVE-2021-22278 (CVE-2021-25454): OOB read vulnerability in ‘libsaacextractor.so’
Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
- OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.
- The patch adds length check code in libsaacextractor library.
SVE-2021-22291 (CVE-2021-25455): OOB read vulnerability in ‘libsaviextractor.so’
Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
- OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.
- The patch adds length check code in libsaviextractor library.
SVE-2021-22343 (CVE-2021-25456): OOB read vulnerability in ‘libswmfextractor.so’
Severity: Moderate
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
- OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.
- The patch adds length check code in libswmfextractor library.
SVE-2021-21969 (CVE-2021-25462): Null Pointer Dereference vulnerability in the NPU Driver
Severity: Low
Affected versions: P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets
- NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
- The patch adds proper input check to prevent null pointer dereference.
Samsung One UI 3.1.1
Released alongside the Galaxy Z Fold 3 and Galaxy Z Flip 3, the One UI 3.1.1 version is making its way to more and more Galaxy devices through software updates. So far, the company’s every flagship smartphone (including older foldables) has started grabbing the One UI 3.1.1 features.
What about Android 12 One UI 4?
Later last month, Samsung teased that the Android 12-based One UI 4 Beta is coming soon for the Galaxy S21 series smartphone owners in South Korea, the US and Germany. The Beta participation had already begun but the company is yet to deliver the first One UI 4 Beta build to the consumers.
Samsung
Samsung Galaxy A15 receives September 2024 security update
Samsung has pushed a new update for the Galaxy A15 smartphone, which brings a September 2024 security patch. The update improves system security and stability to enhance the overall performance.
September 2024 security update for Galaxy A15 is currently rolling out in Asian countries and the company will soon make it available in more countries. Users can verify the latest update through One UI build version A155FXXS4BXI3.
The fresh update is expected to resolve video playback issues experienced in previous software. Galaxy A15 users have reported encountering a black screen with sound but no visuals. Additionally, error messages frequently appear, indicating “An unknown error has occurred” or that the video codec is not supported.
Notably, the September 2024 security patch addresses 1 critical issue and 43 high-level ones for Google. One of these issues was already fixed in earlier updates, and another one doesn’t impact Galaxy devices. Also, Samsung is adding 23 of its fixes to improve security in My Files, Theme Center, One UI Home, Knox, and Dex.
The installation package size of this update is around 270MB. You can install the latest update through your device’s Settings >> Software Update >> Download and Install. If any update is available, you can follow the on-screen instructions to install the update on your Galaxy smartphone
Samsung confirms update to fix Galaxy A15/A24 video playback issues
Samsung
Galaxy Z Flip 3, Fold 3 grab One UI 6.1.1 features in Korea
Samsung is now rolling out One UI 6.1.1 update for Galaxy Z Flip 3 and Galaxy Z Fold 3 smartphones in Korea. Users of these devices are already enjoying features in India, Europe, and the US.
One UI 6.1.1 update brings exciting new features and improvements over the previous version. You can now get helpful wellness tips in Samsung Health, track your sleep in detail, and create custom workout routines.
Moreover, this update also boosts productivity with new suggestions for Smart Select, makes file management easier, and improves multi-window support. You can easily clip photos and create a profile card for your calls.
You can now enjoy quicker video controls, tap-to-answer for calls, and regular weather updates. There’s also a new Auto Blocker for better security, and the Assistant menu is easier to access.
Aside from the new features, the update also includes a September 2024 security patch that fixes over 65 vulnerabilities from Google and Samsung. This latest patch makes your device more secure and reliable.
Users of the Samsung Galaxy Z Flip 3 and Galaxy Z Fold 3 smartphones in Korea can verify the One UI 6.1.1 update in Korea via the PDA version F711NKSU5JXH9 and F926NKSU5JXH9 respectively.
To install the latest update, you just need to visit Settings >> Software Updates >> Download and Install.
Samsung Galaxy Z Flip 3 One UI 6.1.1 update – Korea #Samsung #GalaxyZFlip3 pic.twitter.com/p9PaQO8fl7
— Samsung Software Updates (@SamsungSWUpdate) October 2, 2024
Samsung
Samsung Galaxy S22 users in Brazil receiving One UI 6.1.1 update
Samsung has kicked off the One UI 6.1.1 update for Galaxy S22, Galaxy S22 Plus, and Galaxy S22 Ultra smartphones in Brazil. This update is already rolled out for users in Korea, India, Europe, and the US.
One UI 6.1.1 update for the Galaxy S22 series in Brazil can be verified through the One UI build version mentioned below.
- Galaxy S22 – S901EXXUAEXH7
- Galaxy S22 Plus – S906EXXUAEXH7
- Galaxy S22 Ultra – S908EXXUAEXH7
The major One UI update adds new features to improve your smartphone experience. It installs the September 2024 security patch to improve the system’s security and stability.
One UI 6.1.1 introduces Galaxy AI’s Sketch Conversion, which turns simple drawings into artwork in apps like Samsung Notes. It also enhances photos with AI-generated style portraits and adds text auto-completion to the Samsung Keyboard for easier typing.
You can now translate calls in real-time on apps like Google Meet and WhatsApp, and translate text in images with Samsung Internet. Listening Mode helps translate languages during lectures. The update lets you record voice and convert it to text, manage PDFs better, and set wallpapers that change with the weather and time.
Users are advised to install the update promptly to benefit from the improved and new features. To install the update, open the smartphone’s settings, select ‘Software Update’, and then ‘Download and install’. Following these steps will ensure that your Galaxy smartphone is up-to-date with the latest software.
Galaxy S22 series in India grabs One UI 6.1.1 update with new AI features