Samsung Fixes Critical Vulnerabilities with September Mobile Security Patch

The fleet of Samsung Galaxy mobile devices are in for a bit of an upgrade, as the tech giant announced a fix for eight critical system vulnerabilities in its latest security bulletin published on September 8.

Additional improvements and optimizations linked to Wi-Fi connectivity, Samsung Keyboard, and messaging app were also included in the September patch.

Among the most severe security vulnerabilities, the company announced a fix for CVE-2020-0245, which is found in the Media Framework component, as it “could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.”

Additional fixes have also been rolled out to address critical system vulnerabilities such as CVE-2020-0380 and CVE-2020-0396, which could allow remote attacks using a specially crafted transmission to execute arbitrary code within the context of a privileged process.

The list of critical vulnerabilities fixed by the company can be found below:

• CVE-2020-0245 (Media Framework)
• CVE-2020-0380 (System)
• CVE-2020-0396 (System)
• CVE-2019-10628 (Qualcomm closed-source components)
• CVE-2019-10629(Qualcomm closed-source components)
• CVE-2019-13994(Qualcomm closed-source components)
• CVE-2020-3621(Qualcomm closed-source components)
• CVE-2020-3634(Qualcomm closed-source components)

Android security platform and Google Play Protect mitigations were also announced, and users are encouraged to update to the latest Android version and to enable the auto-update setting.

Users who are not sure if they are running on the latest update can find their device’s Android version number, security update level, and Google Play system level in the phone’s Settings app.