Samsung Galaxy update patches a number of major security issues
Update patches remote code execution, privilege escalation and DoS vulnerabilities
Samsung has begun rolling out Android's November security updates to the Samsung Galaxy S20 and its other Galaxy smartphones in order to patch a number of serious security vulnerabilities in the operating system.
The update follows the release of the latest Android Security Bulletin for November 2020 which contains details of security vulnerabilities affecting all Android smartphones and not just Samsung devices.
Samsung Galaxy devices are now automatically downloading the new software update which improves the stability of the Camera app, Wi-Fi connectivity and also includes several significant security updates.
- We've assembled a list of the best VPN services on the market
- Keep your smartphone protected with one of the best Android antivirus apps
- Also check out our roundup of the best privacy apps for Android
Owners of Samsung smartphones are highly encouraged to install the new update as almost all of the vulnerabilities it addresses have either a High or Critical severity rating. If left unpatched, these bugs could be exploited by an attacker to achieve remote code execution, privilege escalation or Denial of Service (DoS) on a vulnerable device.
Android security update
According to the Android security bulletin, the new update patches a number of vulnerabilities in the operating system's framework, media framework and system.
In the framework there are two critical DoS bugs, two high severity privilege escalation bugs, a high severity information disclosure bug and finally a high severity DoS bug. The update also patches one critical and one high remote code execution bug in Android's media framework as well as one high severity escalation of privilege bug and one moderate one.
When it comes to the Android system itself, the update addresses four high severity information disclosure bugs, one high severity escalation of privilege bug, one high severity DoS bug and a critical remote code execution bug. The Android Security Bulletin explains that the critical security vulnerability in Android's system component is the most severe of all the bugs patched, saying:
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“The most severe of these issues is a critical security vulnerability in the System component that could enable a proximal attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.”
While most Samsung Galaxy smartphones will receive the latest security update fixing all of the bugs detailed above, select Galaxy devices such as the Galaxy S10 5G have received a security patch from a few days earlier that does not address all of the vulnerabilities present in the Android operating system.
- We've also highlighted the best business smartphones
Via BleepingComputer
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.