Samsung publishes the details of the September SMR update

8 September 2016 - Max Capitosti
Samsung has in the last few hours published the changelog of the September security update (SMR) for its Android smartphones.


The update has been rolling out since the beginning of this week on the Galaxy S7 and Galaxy S7 Edge and will soon reach the Korean company's other recent flagships as well.

SMR-SEP-2016

Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process.
This SMR package includes patches from Google and Samsung.

Google patches include patches up to Android Security Bulletin - September 2016 package.

The Bulletin (September 2016) contains the following CVE items:
CVE-2016-3861(C), CVE-2016-3862(C), CVE-2016-2429(C), CVE-2016-3863(H), CVE-2016-3822(H), CVE-2016-3870(H), CVE-2016-3871(H), CVE-2016-3872(H), CVE-2016-3875(H), CVE-2016-3876(H), CVE-2016-3823(H), CVE-2016-3899(H), CVE-2016-3878(H), CVE-2016-3879(H), CVE-2016-3880(H), CVE-2016-3881(H), CVE-2016-2495(H), CVE-2016-3883(M), CVE-2016-3884(M), CVE-2016-3885(M), CVE-2016-3888(M), CVE-2016-3889(M), CVE-2016-3890(M), CVE-2016-3833(M), CVE-2016-3895(M), CVE-2016-3896(M), CVE-2016-3897(M), CVE-2016-3898(M), CVE-2016-2427(M), CVE-2016-2503(C), CVE-2014-9790(H), CVE-2016-2501(H), CVE-2014-9902(C), CVE-2014-9863(H), CVE-2014-9864(H), CVE-2014-9865(H), CVE-2014-9867(H), CVE-2014-9869(H), CVE-2014-9870(H), CVE-2014-9874(H), CVE-2014-9876(H), CVE-2014-9877(H), CVE-2014-9881(H), CVE-2014-9882(H), CVE-2014-9884(H), CVE-2014-9887(H), CVE-2014-9890(H), CVE-2014-9891(H), CVE-2015-8940(H), CVE-2015-2686(C), CVE-2016-2474(C), CVE-2016-2546(H), CVE-2014-9904(H), CVE-2014-9892(H), CVE-2014-9894(H), CVE-2014-9896(H), CVE-2014-9900(H), CVE-2015-8944(H), CVE-2014-9901(H), CVE-2016-4578(M), CVE-2016-4569(M), CVE-2016-2504(C), CVE-2016-3842(C), CVE-2016-3854(H), CVE-2016-3855(H), and CVE-2016-2544(H).
* Severity : (C)-Critical, (H)-High, (M)-Moderate, (L)-Low

※ Please see Android Security Bulletin for detailed information on Google patches.

Along with Google patches, Samsung Mobile provides 9 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer's confidence on security of Samsung Mobile devices¹.
Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.

SVE-2016-6248: SystemUI Security issue

Severity: Medium
Affected versions: L(5.0/5.1), M(6.0) devices with Exynos7420 chipset
Reported on: June 7, 2016
Disclosure status: Privately disclosed.
The vulnerability exists due to a null pointer dereference on fimg2d driver.
The patch verifies if the object is null before dereferencing it.

In addition, the following CVEs are included as part of Samsung security patches:
CVE-2016-2059(H), CVE-2016-5340(H)
* Severity : (C)-Critical, (H)-High, (M)-Medium, (L)-Low

※ Some of the CVE items in certain models were already included in previous maintenance release(s) such that they may not be included in this package.

¹ Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements

We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Zhaozhanpeng of Cheetah Mobile : SVE-2016-6248
