This week, Samsung began releasing November security updates on Android mobile devices to fix critical security vulnerabilities in the operating system and improve overall device capabilities.
This comes after Android released the November 2020 security newsletter, which includes patches for critical vulnerabilities affecting the latest devices.
As noted by BleepingComputer, Samsung Galaxy devices are automatically updated with the updates released on November 9, 2020.
These updates include many improvements related to Wi-Fi connectivity, the camera, and some very important security fixes.
Almost every vulnerability encountered by this update is either "High" or "Critical", making this update necessary for Android users, so Appliances to remain protected.
RCE, escalation of privileges and DoS
There is a very serious vulnerability, CVE-2020-0409, which has been fixed by this update.
The problem could allow a locally run application to bypass user interaction requirements and obtain illegal add-ons royalties. The commit repair shown below fixes CVE-2020-0409.
"The most serious vulnerability in the [Media Framework] section could allow a remote intruder which uses a specially crafted file to execute arbitrary code within a privileged procedure", Explains the Android security newsletter for November 2020.
Most vulnerabilities in the Framework itself concerned attackers who could cause a "permanent" DoS status through specially designed messages.
Some bugs are still exploitable
On selected Samsung Galaxy devices, the updates launched this week have the most recent "security patch" at "2020-11-01".
This means that the high and critical severity vulnerabilities must corrected from the “safety newsletter 2020-11-05” could still be exploited.
A full description of the optimizations offered by this update is provided at site of Samsung.
Source of information: bleepingcomputer.com