YouMobile on Facebook YouMobile on Google+ Follow YouMobile on Twitter

Samsung Android Security Update for the month of April

21 April, 2016 Samsung

Samsung's security update for the month of April has now been released and is available for most major flagships to download as part of Samsung's monthly Security Maintenance Release or SMR. As is always the case, the package contains security patches from both Samsung and of course, Google. The SMR includes all 41 fixes from Google with the 35 CVE items as follows:

CVE-2016-1503(C), CVE-2014-6060(C), CVE-2016-0835(C), CVE-2016-0836(C), CVE-2016-0837(C), CVE-2016-0838(C), CVE-2016-0839(C), CVE-2016-0840(C), CVE-2016-0841(C), CVE-2016-0842(C), CVE-2016-0846(H), CVE-2016-0847(H), CVE-2016-0848(H), CVE-2016-0849(H), CVE-2016-0850(H), CVE-2016-2412(H), CVE-2016-2413(H), CVE-2016-2414(H), CVE-2016-2415(H), CVE-2016-2416(H), CVE-2016-2417(H), CVE-2016-2418(H), CVE-2016-2419(H), CVE-2016-2420(M), CVE-2016-2421(M), CVE-2016-2422(M), CVE-2016-2423(M), CVE-2016-2424(M), CVE-2016-2425(M), CVE-2016-2426(M), CVE-2016-2427(M), CVE-2016-1621(C), CVE-2016-0832(M), CVE-2016-0805(C), and CVE-2016-0806(C).

Index: (C) - Critical severity (H) - High severity (M) - Moderate severity and (L) - Low severity.

The main Samsung Vulnerabilities and Exposures (SVE) addressed in the SMR for April are as follows:

SVE-2016-5393: ACIPC-MSOCKET driver local privilege escalation Vulnerability (Critical)

The vulnerability allowed the attacker to cause a stack overflow and in the process, get privilege escalation. It has been fixed by correcting the code and by restricting access to the file itself. The critical vulnerability affected Marvell chipsets with JBP (4.2) and KK (4.4).

SVE-2016-5534: Non-existent Notification Listener App Vulnerability (High)

The threat affected the Galaxy S6 Edge by permitting all apps with a certain component name to get notified, irrespective of whether the actual application was installed or not. The issue is fixed by removing the component thoroughly from enabled notification listeners.

SVE-2016-5544: Clipboard Vulnerability (Medium)

Any device which was using Samsung clipboard was susceptible to the threat. It permits making of a race condition that allows access to the clipboard user data of Secure World, right from Normal World. It has been fixed through introduction of certain synchronization points which eliminate any chances of creating a race condition.

There are a few others, but they are undisclosed at the moment for security reasons.



Posts: 6451

© 2020 YouMobile Inc. All rights reserved