Samsung announces October security patch contents
Google has just released the October security update for Nexus devices, which is supposed to patch some security holes. On the other hand, Samsung announced it will push its own security update for the current month, although it's unclear which devices will get it first and when.
The good news is we at least know what changes the new update will include from Samsung's part. Well, it looks like aside from the Google patches, Samsung will provide 7 vulnerabilities and exposures items, “in order to improve customer's confidence on security of Samsung Mobile devices.”
Two SVE (Samsung Vulnerabilities and Exposures) have been detailed by the South Korean company, and from what we've been able to learn they are of medium severity.
The first one is a Qjpeg 3rd party library issue patch, which was privately disclosed. The vulnerability in Qjpeg decode function may result in system crash when a malformed image is passed from a 3rd party library. However, the October security patch will fix the vulnerability by modifying the proper memory allocation.
Next in line, a kernel crash via fb0(DECON), which seems to affect all devices that are powered by Samsung's Exynos chipsets. This issue was privately disclosed back in May and it concerns a vulnerability in frame buffer interface, which results in system crash accessed by a malicious graphics user. The October patch fixes this vulnerability by adding the proper implementation in frame buffer interface.
According to Samsung, some of the SVE items that were confirmed for the October security update might not be included in the package if they were part of a previous maintenance release.
Now let's see when Samsung starts pushing this maintenance release to its flagship smartphones since the mid-range ones are less likely to get it.