Jump to content

Samsung fixes critical Android bugs in March 2021 updates


Recommended Posts

Samsung fixes critical Android bugs in March 2021 updates

 

samsung-phones.jpg

 

This week Samsung has started rolling out Android's March security updates to mobile devices to patch critical security vulnerabilities in the runtime, operating system, and related components.

 

This comes after Android had published their March 2021 security updates bulletin, which includes patches for critical vulnerabilities impacting the latest devices.

 

As observed by BleepingComputer, Samsung Galaxy devices are automatically pulling updates released on March 5, 2021, this week.

 

These updates mainly comprise significant security fixes with a couple of enhancements across Samsung Galaxy built-in apps like Calendar, Display, Social Platform, and SmartThings.

 

android-galaxy-mar2021.jpg

Samsung Galaxy S10 prompting users to get March 2021 updates

Source: BleepingComputer

 

Every vulnerability addressed by this update, has either a 'High' or 'Critical' severity rating, making this update a must for Android users so that their devices remain protected.

From RCE via Bluetooth to Privilege Escalation

There's the critical vulnerability, CVE-2021-0397 lurking in the Android System arising from a null pointer, which has been fixed by this update.

 

The vulnerability in Android's Bluetooth Service Discovery Protocol (SDP) implementation, called Fluoride Bluetooth stack could let an attacker perform remote code execution (RCE) attacks via a specially crafted Bluetooth transmission.

 

CVE-2021-0397-fix(1).jpg

Fix made for CVE-2021-0397, critical RCE vulnerability

Source: Google Source for Android

 

Additionally, Google Play Protect has stepped up protections and made exploitation of Android vulnerabilities more challenging by adding security enhancements.

"Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform."

"We encourage all users to update to the latest version of Android where possible," stated this month's Android advisory.

 

Other flaws impacting components like Framework, System, and Android runtime could allow sensitive information disclosure and privilege escalation by attackers.

 

The list of vulnerabilities patched by this update includes:

 

Android runtime

CVE References Type Severity Updated AOSP versions
CVE-2021-0395 A-170315126 EoP High 11

Framework

CVE References Type Severity Updated AOSP versions
CVE-2021-0391 A-172841550 EoP High 8.1, 9, 10, 11
CVE-2021-0398 A-173516292 EoP High 11

System

CVE References Type Severity Updated AOSP versions
CVE-2021-0397 A-174052148 RCE Critical 8.1, 9, 10, 11
CVE-2017-14491 A-158221622 RCE High 8.1, 9, 10, 11
CVE-2021-0393 A-168041375 RCE High 8.1, 9, 10, 11
CVE-2021-0396 A-160610106 RCE High 8.1, 9, 10, 11
CVE-2021-0390 A-174749461 EoP High 8.1, 9, 10, 11
CVE-2021-0392 A-175124730 EoP High 9, 10, 11
CVE-2021-0394 A-172655291 [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] ID High 8.1, 9, 10, 11

Google Play system updates

Component CVE
WiFi CVE-2021-0390

Some bugs may still be exploitable

On select Samsung Galaxy devices, the updates pushed this week have their latest "security patch level" dated "2021-03-01."

 

This implies the high and critical severity vulnerabilities yet to be fixed by the "2021-03-05 security patch" could still be exploitable.

 

Users are advised to update their Android devices immediately to safeguard against these bugs, and ensure their devices have the "auto-update" settings enabled.

 

A full description of enhancements and optimizations this update brings is provided on Samsung's website.

 

 

Source: Samsung fixes critical Android bugs in March 2021 updates

Link to post
Share on other sites
  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

  • mood

    1

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Samsung fixes critical Android bugs in March 2021 updates     This week Samsung has started rolling out Android's March security updates to mobile devices to patch critical securi

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...