Samsung started releasing the security updates Σεπτεμβρίου στις Android συσκευές της, για να διορθώσει κρίσιμες αδυναμίες ασφαλείας στο functional its system and improve the overall capabilities on its devices.
This week the google released the September 2020 Android security updates, which include several security updates to the code for critical vulnerabilities affecting the latest devices.
As noted, Samsung Galaxy devices started updating automatically today, September 10th.
These updates include many improvements to Wi-Fi connectivity, the Samsung Keyboard, and the Messaging app, along with some important security fixes. There are also optimizations to the Pro Video capability of the camera.
All of the vulnerabilities addressed in this update have been rated with either “High” or “Critical” severity, making the update essential for users of the company so that their devices remain secure.
One of the most critical vulnerabilities is CVE-2020-0245, which affects the Media Framework component and allows both remote code execution and the disclosure of important information.
Other notable vulnerabilities that are fixed in this update include:
Framework
CVE | References | Type | Severity | Updated AOSP versions |
---|---|---|---|---|
CVE-2020-0074 | A-146204120 | EoP | High | 8.0, 8.1, 9, 10 |
CVE-2020-0388 | A-156123285 | EoP | High | 10 |
CVE-2020-0391 | A-158570769 | EoP | High | 9, 10 |
CVE-2020-0401 | A-150857253 | EoP | High | 8.0, 8.1, 9, 10 |
CVE-2020-0382 | A-152944488 | ID | High | 10 |
CVE-2020-0389 | A-156959408 | ID | High | 10 |
CVE-2020-0390 | A-157598026 | ID | High | 10 |
CVE-2020-0395 | A-154124307 | ID | High | 8.0, 8.1, 9, 10 |
CVE-2020-0397 | A-155092443 | ID | High | 8.0, 8.1, 9, 10 |
CVE-2020-0399 | A-153993591 | ID | High | 8.0, 8.1, 9, 10 |
Media Framework
CVE | References | Type | Severity | Updated AOSP versions |
---|---|---|---|---|
CVE-2020-0245 | A-152496149 | ID | High | 10 |
RCE | critical | 8.0, 8.1, 9 | ||
CVE-2020-0392 | A-150226608 | EoP | High | 9, 10 |
CVE-2020-0381 | A-150159669 | ID | High | 8.0, 8.1, 9, 10 |
CVE-2020-0383 | A-150160279 | ID | High | 8.0, 8.1, 9, 10 |
CVE-2020-0384 | A-150159906 | ID | High | 8.0, 8.1, 9, 10 |
CVE-2020-0385 | A-150160041 | ID | High | 8.0, 8.1, 9, 10 |
CVE-2020-0393 | A-154123412 | ID | High | 9, 10 |
System
CVE | References | Type | Severity | Updated AOSP versions |
---|---|---|---|---|
CVE-2020-0380 | A-146398979 | RCE | Critical | 8.0, 8.1, 9, 10 |
CVE-2020-0396 | A-155094269 | ID | Critical | 8.0, 8.1, 9, 10 |
CVE-2020-0386 | A-155650356 | EoP | High | 8.0, 8.1, 9, 10 |
CVE-2020-0394 | A-155648639 | EoP | High | 8.0, 8.1, 9, 10 |
CVE-2020-0379 | A-150156492 | ID | High | 8.0, 8.1, 9, 10 |
On select Samsung Galaxy devices, the updates pushed out this week are dated “2020-09-01”. This implies that vulnerabilities (EoP) of high severity that must be patched by “security update 2020-09-05” are still exploitable.
Just one of these vulnerabilities, CVE-2020-0402, for example, can allow a user to gain privileges on a device so that they are able to unlock it and have access in the file system.
It is recommended that you update your devices immediately, which will happen automatically if you have the "auto-update" settings enabled.
A full description of the improvements can be found at site of Samsung.