Η Samsung άρχισε να κυκλοφορεί τις ενημερώσεις ασφαλείας Σεπτεμβρίου στις Android συσκευές της, για να διορθώσει κρίσιμες αδυναμίες ασφαλείας στο functional of system and improve the overall capabilities of its devices.
This weekteam Google has released the September 2020 Android security updates, which include several security updates to the code for critical vulnerabilities affecting the latest devices.
As observed, Samsung devices Galaxy started updating automatically today, September 10th.
These updates include several improvements to Wi-Fi connectivity, the Samsung Keyboard, and application Messages, along with some pretty important security fixes. There are also improvements to the camera's Pro Video feature.
All the vulnerabilities encountered in this update have been described as either "High" or "Critical" seriousness, making the update necessary for the users of the company, so that their devices remain safe.
One of the most critical vulnerabilities is CVE-2020-0245, which affects the Media Framework component and allows both remote code execution and the disclosure of important information.
Other notable vulnerabilities that are fixed in this update include:
Framework
CVE | References | Type | Severity | Updated AOSP versions |
---|---|---|---|---|
CVE-2020-0074 | A-146204120 | EoP | High | 8.0, 8.1, 9, 10 |
CVE-2020-0388 | A-156123285 | EoP | High | 10 |
CVE-2020-0391 | A-158570769 | EoP | High | 9, 10 |
CVE-2020-0401 | A-150857253 | EoP | High | 8.0, 8.1, 9, 10 |
CVE-2020-0382 | A-152944488 | ID | High | 10 |
CVE-2020-0389 | A-156959408 | ID | High | 10 |
CVE-2020-0390 | A-157598026 | ID | High | 10 |
CVE-2020-0395 | A-154124307 | ID | High | 8.0, 8.1, 9, 10 |
CVE-2020-0397 | A-155092443 | ID | High | 8.0, 8.1, 9, 10 |
CVE-2020-0399 | A-153993591 | ID | High | 8.0, 8.1, 9, 10 |
Media Framework
CVE | References | Type | Severity | Updated AOSP versions |
---|---|---|---|---|
CVE-2020-0245 | A-152496149 | ID | High | 10 |
RCE | Critical | 8.0, 8.1, 9 | ||
CVE-2020-0392 | A-150226608 | EoP | High | 9, 10 |
CVE-2020-0381 | A-150159669 | ID | High | 8.0, 8.1, 9, 10 |
CVE-2020-0383 | A-150160279 | ID | High | 8.0, 8.1, 9, 10 |
CVE-2020-0384 | A-150159906 | ID | High | 8.0, 8.1, 9, 10 |
CVE-2020-0385 | A-150160041 | ID | High | 8.0, 8.1, 9, 10 |
CVE-2020-0393 | A-154123412 | ID | High | 9, 10 |
System
CVE | References | Type | Severity | Updated AOSP versions |
---|---|---|---|---|
CVE-2020-0380 | A-146398979 | RCE | Critical | 8.0, 8.1, 9, 10 |
CVE-2020-0396 | A-155094269 | ID | Critical | 8.0, 8.1, 9, 10 |
CVE-2020-0386 | A-155650356 | EoP | High | 8.0, 8.1, 9, 10 |
CVE-2020-0394 | A-155648639 | EoP | High | 8.0, 8.1, 9, 10 |
CVE-2020-0379 | A-150156492 | ID | High | 8.0, 8.1, 9, 10 |
On selected Samsung Galaxy devices, the updates launched this week are dated "2020-09-01". This means that the seriousness vulnerabilities (EoPs) that need to be corrected by the "security update 2020-09-05" are still exploitable.
Only one of these vulnerabilities, CVE-2020-0402, for example, can allow a user to gain permissions on a device so that it can unlock it and access the file system.
It is recommended that you update your devices immediately, which will happen automatically if you have the "auto-update" settings enabled.
A full description of the improvements can be found at site of Samsung.