
Samsung fixes critical Android bugs in March 2021 updates



This week Samsung began rolling out Android’s March security updates to mobile devices to patch critical security vulnerabilities in the runtime, operating system, and related components.

This comes after Android published its March 2021 security updates bulletin, which includes patches for critical vulnerabilities impacting the latest devices.

As observed by BleepingComputer, Samsung Galaxy devices are automatically pulling updates released on March 5, 2021, this week.

These updates primarily contain critical security fixes, with a few enhancements across Samsung Galaxy built-in apps like Calendar, Show, Social Platform, and SmartThings.

Samsung Galaxy S10 prompting users to get March 2021 updates
Source: BleepingComputer

Every vulnerability addressed by this update has either a ‘High’ or ‘Critical’ severity rating, making this update a must for Android users so that their devices remain protected.

From RCE through Bluetooth to Privilege Escalation

A critical vulnerability, CVE-2021-0397, lurking in the Android System and arising from a null pointer, has been fixed by this update.

The vulnerability in Android’s Bluetooth Service Discovery Protocol (SDP) implementation, known as the Fluoride Bluetooth stack, may let an attacker carry out remote code execution (RCE) attacks via a specially crafted Bluetooth transmission.

Fix made for CVE-2021-0397, critical RCE vulnerability
Source: Google Source for Android

Additionally, Google Play Protect has stepped up protections and made exploitation of Android vulnerabilities harder by adding security enhancements.

“Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform.”

“We encourage all users to update to the latest version of Android where possible,” stated this month’s Android advisory.

Other flaws impacting components like Framework, System, and Android runtime could allow sensitive information disclosure and privilege escalation by attackers.

The list of vulnerabilities patched by this update includes:

CVE | References | Type | Severity | Updated AOSP versions
--- | --- | --- | --- | ---
CVE-2021-0395 | A-170315126 | EoP | High | 11

CVE | References | Type | Severity | Updated AOSP versions
--- | --- | --- | --- | ---
CVE-2021-0391 | A-172841550 | EoP | High | 8.1, 9, 10, 11
CVE-2021-0398 | A-173516292 | EoP | High | 11

CVE | References | Type | Severity | Updated AOSP versions
--- | --- | --- | --- | ---
CVE-2021-0397 | A-174052148 | RCE | Critical | 8.1, 9, 10, 11
CVE-2017-14491 | A-158221622 | RCE | High | 8.1, 9, 10, 11
CVE-2021-0393 | A-168041375 | RCE | High | 8.1, 9, 10, 11
CVE-2021-0396 | A-160610106 | RCE | High | 8.1, 9, 10, 11
CVE-2021-0390 | A-174749461 | EoP | High | 8.1, 9, 10, 11
CVE-2021-0392 | A-175124730 | EoP | High | 9, 10, 11
CVE-2021-0394 | A-172655291 [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] | ID | High | 8.1, 9, 10, 11

Component | CVE
--- | ---
WiFi | CVE-2021-0390

Some bugs may still be exploitable

On select Samsung Galaxy devices, the updates pushed this week have their latest “security patch level” dated “2021-03-01.”

This means the high and critical severity vulnerabilities yet to be fixed by the “2021-03-05 security patch” may still be exploitable.
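The patch-level gap described above can be checked mechanically. The script below is an added example, not part of the original article: it compares reported security patch levels against a required one and lists the devices that fall short. The function names and the sample inventory (device names included) are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare Android security patch levels against a required one.
# Patch levels are ISO dates (YYYY-MM-DD), like the "2021-03-01" and
# "2021-03-05" strings quoted in the article.

# is_patch_level STRING: succeeds if STRING has the shape YYYY-MM-DD.
is_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# patch_status REQUIRED ACTUAL: prints "covered", "behind" or "invalid".
patch_status() {
    required=$1 actual=$2
    if ! is_patch_level "$required" || ! is_patch_level "$actual"; then
        echo invalid; return 0
    fi
    # Strip dashes so the dates compare as integers (20210301 < 20210305).
    r=$(printf '%s' "$required" | tr -d '-')
    a=$(printf '%s' "$actual" | tr -d '-')
    if [ "$a" -ge "$r" ]; then echo covered; else echo behind; fi
}

# audit_inventory REQUIRED: reads "device-name patch-level" lines on stdin and
# prints every device that is behind or reports an unparsable level.
audit_inventory() {
    while read -r name level; do
        [ -n "$name" ] || continue
        status=$(patch_status "$1" "$level")
        [ "$status" = covered ] || echo "$name $status"
    done
}

# Constructed sample inventory (device names are made up).
SAMPLE_INVENTORY='galaxy-a 2021-03-01
galaxy-b 2021-03-05
galaxy-c 2021-02-01
galaxy-d unknown'

# On a connected device the level can be read with:
#   adb shell getprop ro.build.version.security_patch
printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory 2021-03-05
```

A device that reports an unparsable level is listed as "invalid" rather than silently treated as patched.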

Users are advised to update their Android devices immediately to safeguard against these bugs, and ensure their devices have the “auto-update” settings enabled.

A full description of improvements and optimizations this update brings is provided on Samsung’s website.
