Samsung pubblica i dettagli dell'aggiornamento SMR di marzo

7 Marzo 2017 - a cura di PuntoCellulare.it
SAMSUNG ANDROID CERCA
Come ogni mese Samsung ha pubblicato i dettagli relativi alle patch di sicurezza adottate sugli aggiornamenti software Security Maintenance Release (SMR), in arrivo a breve sugli smartphone Android della clientela.

Samsung pubblica i dettagli dell'aggiornamento SMR di marzo
Per quanto riguarda il mese di marzo, con gli aggiornamenti verranno ad essere risolte ben 73 falle nella sicurezza e 12 vulnerabilità specifiche per gli smartphone Samsung. La casa coreana anche questa volta non si è addentrata nei particolari tecnici dei bug, per evitare che chi sviluppa malware possa trovare ispirazione.

SMR-MAR-2017

Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process.
This SMR package includes patches from Google and Samsung.

Google patches include patches up to Android Security Bulletin - March 2017 package.

The Bulletin (March 2017) contains the following CVE items:
CVE-2015-8816(C), CVE-2014-9781(H), CVE-2016-3843(C), CVE-2016-6674(H), CVE-2016-6675(H), CVE-2014-9675(H), CVE-2016-6728(C), CVE-2016-7910(C), CVE-2016-6757(M), CVE-2016-8406(M), CVE-2016-6690(L), CVE-2015-3288(C), CVE-2016-8422(C), CVE-2016-8423(C), CVE-2016-8415(H), CVE-2017-0404(H), CVE-2016-8452(H), CVE-2017-0399(M), CVE-2017-0400(M), CVE-2017-0402(M), CVE-2017-0395(M), CVE-2016-8418(C), CVE-2017-0437(H), CVE-2017-0438(H), CVE-2017-0439(H), CVE-2016-8419(H), CVE-2016-8420(H), CVE-2016-8421(H), CVE-2017-0440(H), CVE-2017-0441(H), CVE-2017-0442(H), CVE-2017-0443(H), CVE-2016-8476(H), CVE-2016-8414(M), CVE-2017-0451(M), CVE-2017-0423(M), CVE-2016-9806(C), CVE-2016-8655(H), CVE-2016-9793(H), CVE-2016-8416(M), CVE-2016-8477(M), CVE-2016-2182(C), CVE-2017-0466(C), CVE-2017-0467(C), CVE-2017-0468(C), CVE-2017-0469(C), CVE-2017-0470(C), CVE-2017-0471(C), CVE-2017-0472(C), CVE-2017-0473(C), CVE-2017-0474(C), CVE-2017-0475(C), CVE-2017-0478(H), CVE-2017-0479(H), CVE-2017-0480(H), CVE-2017-0481(H), CVE-2017-0482(H), CVE-2017-0483(H), CVE-2017-0484(H), CVE-2017-0485(H), CVE-2017-0486(H), CVE-2017-0487(H), CVE-2017-0488(H), CVE-2017-0390(H), CVE-2017-0392(H), CVE-2017-0489(M), CVE-2017-0490(M), CVE-2017-0491(M), CVE-2017-0495(M), CVE-2017-0496(M), CVE-2017-0497(M), CVE-2017-0498(M), and CVE-2017-0499(L).
* Severity : (C)-Critical, (H)-High, (M)-Moderate, (L)-Low

※ Please see Android Security Bulletin for detailed information on Google patches.

Along with Google patches, Samsung Mobile provides 12 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer's confidence on security of Samsung Mobile devices¹.
Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.

SVE-2016-7797: Restricted account security flaw

Severity: Medium
Affected versions: L(5.0/5.1), M(6.0) all tablet devices
Reported on: December 4, 2016
Disclosure status: Privately disclosed.
A vulnerability allows an unauthorized user to create additional user accounts in tablets resulting in unauthorized access to user data in external storage.
The patch protects tablet devices by removing "add user" feature on lockscreen interface.

SVE-2016-7930: Multiple Buffer Overflow in Qualcomm Bootloader

Severity: Critical
Affected versions: Galaxy S5 with Qualcomm AP chipset
Reported on: December 20, 2016
Disclosure status: Privately disclosed.
A buffer overflow vulnerability exist in Qualcomm bootloader.
The patch prevents buffer overflow by removing the problematic source code.

SVE-2017-8114, SVE-2017-8116, and SVE-2017-8117: Crash on AudioService via unprotected intent

Severity: Low
Affected versions: KK(4.4), L(5.0/5.1), M(6.0), N(7.0)
Reported on: January 12, 2017
Disclosure status: Privately disclosed.
Lack of appropriate exception handling in some receivers of the AudioService application allows attackers crash the system easily resulting in a possible DoS attack.
The patch prevents system crashes by handling unexpected exceptions.

¹ Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements

We truely appreciate the following researchers for helping Samsung to improve the security of our products.

- Costandinos "Dino" Tsagaratos : SVE-2016-7797
- Frèdèric Basse : SVE-2016-7930
- Qing Zhang of Xiaomi and Guangdong Bai of Singapore Institute of Technology (SIT) : SVE-2017-8114, SVE-2017-8116, SVE-2017-8117

MIGLIORI OFFERTE

NOTIZIE CORRELATE

COMMENTI DEI LETTORI

    La pubblicazione dei commenti comporta l'accettazione del regolamento