Samsung September 2021 Security Patch Details – New Fixes (CVE/SVE)

Though a bit late, Samsung has finally released its September 2021 One UI security patch details alongside the Android patches from Google. As always, the newly published security bulletin lists the fixed CVEs by severity (critical, high and moderate) as well as Samsung's own SVEs.

According to Samsung’s official Firmware Updates support page, the September 2021 security patch comes with fixes for 3 critical, 29 high, and 14 moderate CVEs from Google. In addition, 2 CVEs had already been included in previous updates, while 9 are not applicable to Galaxy devices.

Below, you can see the CVEs that will be fixed on your Samsung Galaxy device after upgrading to the September 2021 security patch.

Critical

  • CVE-2021-1972, CVE-2021-1976, CVE-2021-0687

High

  • CVE-2021-28375, CVE-2020-14381, CVE-2021-0582, CVE-2021-0578, CVE-2021-0579, CVE-2021-0580, CVE-2021-0581, CVE-2021-30261, CVE-2021-30260, CVE-2021-1939, CVE-2021-1947, CVE-2021-1904, CVE-2021-0639, CVE-2019-10581, CVE-2021-0518, CVE-2021-0595, CVE-2021-0683, CVE-2021-0684, CVE-2021-0685, CVE-2021-0688, CVE-2021-0686, CVE-2021-0689, CVE-2021-0690, CVE-2021-0598, CVE-2021-0692, CVE-2021-0428, CVE-2021-0644, CVE-2021-0682, CVE-2021-0693

Moderate

  • CVE-2021-0565, CVE-2021-0556, CVE-2021-0562, CVE-2021-0566, CVE-2021-0536, CVE-2021-0537, CVE-2021-0538, CVE-2021-0539, CVE-2021-0547, CVE-2021-0548, CVE-2021-0553, CVE-2021-0549, CVE-2021-0552, CVE-2021-0691

Already included in previous updates

  • CVE-2021-3347, CVE-2021-0564

Not applicable to Samsung devices

  • CVE-2021-1919, CVE-2021-1916, CVE-2021-1920, CVE-2021-0573, CVE-2021-0574, CVE-2021-0576, CVE-2021-1914, CVE-2021-1978, CVE-2020-3633

Aside from CVE fixes, Samsung also ships additional security fixes of its own for Galaxy devices, tracked as Samsung Vulnerabilities and Exposures (SVE) items. This month, the company is fixing 23 SVE items, some of which are listed below.

SVE-2021-21619 (CVE-2021-25457): Kernel Information Disclosure in the Vision DSP Kernel Driver

Severity: Moderate

Affected versions: Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipsets

  • An improper input validation vulnerability in the DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to obtain limited kernel memory information.
  • The patch adds proper input validation in DSP driver.

SVE-2021-21943 (CVE-2021-25450): Path traversal vulnerability in FactoryAirCommandManager

Severity: High

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)

  • Path traversal vulnerability in FactoryAirCommandManager prior to SMR Sep-2021 Release 1 allows attackers to write files as system uid via a remote socket.
  • The patch addresses incorrect implementation of file path validation check logic.

SVE-2021-22094 (CVE-2021-25449): Arbitrary code execution on mediaextractor process

Severity: Moderate

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)

  • An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.
  • The patch adds proper input check to prevent buffer overflow.

SVE-2021-21959 (CVE-2021-25452): Kernel Permanent Denial of Service Vulnerability in the Vision DSP Kernel Driver

Severity: Moderate

Affected versions: Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipsets

  • An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.
  • The patch adds proper input check to prevent loading unintended file in path.

SVE-2021-21041 (CVE-2021-25453): Leak Bluetooth information through Broadcast in Bluetooth app

Severity: High

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)

  • Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.
  • The patches add proper access control to prevent Bluetooth information leak.

SVE-2021-21620 (CVE-2021-25458): NULL pointer dereference vulnerability in the ION Driver

Severity: Low

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets

  • NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
  • The patch adds proper input check to prevent null pointer dereference.

SVE-2021-22602 (CVE-2021-25459): Improper access control in BlockChainService

Severity: Moderate

Affected versions: Select Q(10.0), R(11.0)

  • An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.
  • The patch adds the proper permission check to prevent improper access to BlockchainTZService.

SVE-2021-22603 (CVE-2021-25460): Improper access control in BlockChainService

Severity: Moderate

Affected versions: Select Q(10.0), R(11.0)

  • An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.
  • The patch adds the proper permission check to prevent improper access to BlockchainTZService.

SVE-2021-22411 (CVE-2021-25461): APAService Stack Overflow

Severity: Low

Affected versions: O(8.1)

  • An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.
  • The patch adds proper length check in APAService.

SVE-2021-21413 (CVE-2021-25451): Sensitive information disclosure in NetworkPolicyManagerService

Severity: Moderate

Affected versions: P(9.0), Q(10.0), R(11.0)

  • A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.
  • The patch addresses the intent in NetworkPolicyManagerService to prevent unprivileged access.

SVE-2021-22278 (CVE-2021-25454): OOB read vulnerability in ‘libsaacextractor.so’

Severity: Low

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)

  • OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.
  • The patch adds length check code in libsaacextractor library.

SVE-2021-22291 (CVE-2021-25455): OOB read vulnerability in ‘libsaviextractor.so’

Severity: Low

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)

  • OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.
  • The patch adds length check code in libsaviextractor library.

SVE-2021-22343 (CVE-2021-25456): OOB read vulnerability in ‘libswmfextractor.so’

Severity: Moderate

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)

  • OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.
  • The patch adds length check code in libswmfextractor library.

SVE-2021-21969 (CVE-2021-25462): Null Pointer Dereference vulnerability in the NPU Driver

Severity: Low

Affected versions: P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets

  • NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
  • The patch adds proper input check to prevent null pointer dereference.
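To triage a device against the entries above, the following added example (not code from Samsung or the original article) filters a subset of the listed SVEs by Android release, chipset and patch level. It assumes the release and patch level are the strings Android reports in `ro.build.version.release` and `ro.build.version.security_patch`, that SMR Sep-2021 Release 1 corresponds to patch level `2021-09-01`, and that the chipset is a free-text inventory field such as "Exynos 2100"; the function names are hypothetical.

```python
from datetime import date

FIXED_IN = date(2021, 9, 1)   # assumed patch-level string for SMR Sep-2021 Release 1
ALL = {"8.1", "9", "10", "11"}
DSP_SOCS = {"980", "9830", "2100"}
# (SVE id, severity, affected Android releases, chipset rule), copied from the list above.
# Chipset rule: None = any device, "exynos" = any Exynos, a set = those Exynos models.
SVES = [
    ("SVE-2021-21619", "Moderate", {"10", "11"}, DSP_SOCS),
    ("SVE-2021-21943", "High", ALL, None),
    ("SVE-2021-22094", "Moderate", ALL, None),
    ("SVE-2021-21959", "Moderate", {"10", "11"}, DSP_SOCS),
    ("SVE-2021-21041", "High", ALL, None),
    ("SVE-2021-21620", "Low", ALL, "exynos"),
    ("SVE-2021-22411", "Low", {"8.1"}, None),
    ("SVE-2021-21413", "Moderate", {"9", "10", "11"}, None),
    ("SVE-2021-21969", "Low", {"9", "10", "11"}, "exynos"),
]
RANK = {"High": 0, "Moderate": 1, "Low": 2}

def norm_release(release):
    """Normalize a release string: '8.1.0' -> '8.1', '10.0' -> '10', '11' -> '11'."""
    parts = release.strip().split(".")
    minor = parts[1] if len(parts) > 1 else "0"
    return parts[0] if minor == "0" else f"{parts[0]}.{minor}"

def chipset_matches(rule, chipset):
    if rule is None:
        return True
    tokens = chipset.lower().split()
    if not tokens or tokens[0] != "exynos":
        return False
    return rule == "exynos" or (len(tokens) > 1 and tokens[1] in rule)

def open_sves(release, chipset, patch_level):
    """Return [(SVE id, severity)] still unpatched, highest severity first."""
    try:
        patched = date.fromisoformat(patch_level) >= FIXED_IN
    except ValueError:
        patched = False          # unreadable patch level: treat as unpatched
    if patched:
        return []
    rel = norm_release(release)
    hits = [(sve, sev) for sve, sev, rels, rule in SVES
            if rel in rels and chipset_matches(rule, chipset)]
    return sorted(hits, key=lambda h: (RANK[h[1]], h[0]))
```
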

Samsung One UI 3.1.1

Released alongside the Galaxy Z Fold 3 and Galaxy Z Flip 3, the One UI 3.1.1 version is making its way to more and more Galaxy devices through software updates. So far, every one of the company’s flagship smartphones (including older foldables) has started receiving the One UI 3.1.1 features.

What about Android 12 One UI 4?

Late last month, Samsung teased that the Android 12-based One UI 4 Beta is coming soon for Galaxy S21 series smartphone owners in South Korea, the US and Germany. Beta enrollment has already begun, but the company is yet to deliver the first One UI 4 Beta build to consumers.

James is the lead content creator on Sammy Fans and mostly works on Samsung's firmware section. His first phone was the Galaxy S4, and he continues to get new S series devices. Most of the time, James tries to learn about new technologies and gadgets, but he also sneaks in a bit of free time at nearby rivers and in nature.

Samsung Galaxy A15 receives September 2024 security update

Samsung has pushed a new update for the Galaxy A15 smartphone, which brings a September 2024 security patch. The update improves system security and stability to enhance the overall performance.

The September 2024 security update for the Galaxy A15 is currently rolling out in Asian countries, and the company will soon make it available in more countries. Users can verify the latest update through One UI build version A155FXXS4BXI3.

The fresh update is expected to resolve video playback issues experienced in previous software. Galaxy A15 users have reported encountering a black screen with sound but no visuals. Additionally, error messages frequently appear, indicating “An unknown error has occurred” or that the video codec is not supported.

Notably, the September 2024 security patch addresses 1 critical issue and 43 high-level ones from Google. One of these issues was already fixed in earlier updates, and another one doesn’t impact Galaxy devices. Also, Samsung is adding 23 of its own fixes to improve security in My Files, Theme Center, One UI Home, Knox, and Dex.

The installation package size of this update is around 270MB. You can install the latest update through your device’s Settings >> Software Update >> Download and Install. If an update is available, follow the on-screen instructions to install it on your Galaxy smartphone.

Galaxy Z Flip 3, Fold 3 grab One UI 6.1.1 features in Korea

Samsung is now rolling out the One UI 6.1.1 update for Galaxy Z Flip 3 and Galaxy Z Fold 3 smartphones in Korea. Users of these devices are already enjoying its features in India, Europe, and the US.

One UI 6.1.1 update brings exciting new features and improvements over the previous version. You can now get helpful wellness tips in Samsung Health, track your sleep in detail, and create custom workout routines.

Moreover, this update also boosts productivity with new suggestions for Smart Select, makes file management easier, and improves multi-window support. You can easily clip photos and create a profile card for your calls.

You can now enjoy quicker video controls, tap-to-answer for calls, and regular weather updates. There’s also a new Auto Blocker for better security, and the Assistant menu is easier to access.

Aside from the new features, the update also includes a September 2024 security patch that fixes over 65 vulnerabilities from Google and Samsung. This latest patch makes your device more secure and reliable.

Users of the Samsung Galaxy Z Flip 3 and Galaxy Z Fold 3 smartphones in Korea can verify the One UI 6.1.1 update via the PDA versions F711NKSU5JXH9 and F926NKSU5JXH9 respectively.

To install the latest update, you just need to visit Settings >> Software Updates >> Download and Install.

Samsung Galaxy S22 users in Brazil receiving One UI 6.1.1 update

Samsung has kicked off the One UI 6.1.1 update for Galaxy S22, Galaxy S22 Plus, and Galaxy S22 Ultra smartphones in Brazil. This update has already rolled out for users in Korea, India, Europe, and the US.

One UI 6.1.1 update for the Galaxy S22 series in Brazil can be verified through the One UI build version mentioned below.

  • Galaxy S22 – S901EXXUAEXH7
  • Galaxy S22 Plus – S906EXXUAEXH7
  • Galaxy S22 Ultra – S908EXXUAEXH7

The major One UI update adds new features to improve your smartphone experience. It installs the September 2024 security patch to improve the system’s security and stability.

One UI 6.1.1 introduces Galaxy AI’s Sketch Conversion, which turns simple drawings into artwork in apps like Samsung Notes. It also enhances photos with AI-generated style portraits and adds text auto-completion to the Samsung Keyboard for easier typing.

You can now translate calls in real-time on apps like Google Meet and WhatsApp, and translate text in images with Samsung Internet. Listening Mode helps translate languages during lectures. The update lets you record voice and convert it to text, manage PDFs better, and set wallpapers that change with the weather and time.

Users are advised to install the update promptly to benefit from the improved and new features. To install the update, open the smartphone’s settings, select ‘Software Update’, and then ‘Download and install’. Following these steps will ensure that your Galaxy smartphone is up-to-date with the latest software.
