7/6/16

Samsung Android Security Updates

MR-JUL-2016


Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process.
This SMR package includes patches from Google and Samsung.

Google patches include patches up to Android Security Bulletin – July 2016 package.

The Bulletin (July 2016) contains the following CVE items:
CVE-2016-2506(C), CVE-2016-2505(C), CVE-2016-2507(C), CVE-2016-2508(C), CVE-2016-3741(C), CVE-2016-3742(C), CVE-2016-3743(C), CVE-2016-2108(C), CVE-2016-3744(H), CVE-2016-3751(H), CVE-2016-3745(H), CVE-2016-3746(H), CVE-2016-3747(H), CVE-2016-3748(H), CVE-2016-3749(H), CVE-2016-3750(H), CVE-2016-3752(H), CVE-2016-3753(H), CVE-2016-2107(H), CVE-2016-3754(H), CVE-2016-3755(H), CVE-2016-3756(H), CVE-2016-3818(H), CVE-2016-3757(M), CVE-2016-3758(M), CVE-2016-3759(M), CVE-2016-3760(M), CVE-2016-3761(M), CVE-2016-3762(M), CVE-2016-3763(M), CVE-2016-3764(M), CVE-2016-3765(M), CVE-2016-3766(M), CVE-2016-2476(H), CVE-2016-2495(H), CVE-2016-2496(H), CVE-2016-2465(C), CVE-2016-2475(H), CVE-2016-2493(H), CVE-2016-2489(H), CVE-2016-2066(H), CVE-2016-2469(H), CVE-2016-2474(C), CVE-2016-2471(H), CVE-2016-2472(H), and CVE-2015-0571(H)
* Severity : (C)-Critical,   (H)-High,   (M)-Moderate,   (L)-Low

※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 4 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices¹.
Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2016-5953: Vulnerability in audio service

Severity: High
Affected versions: All devices supporting Samsung Professional Audio SDK
Reported on: April 5, 2016
Disclosure status: Privately disclosed.
The Jack audio service doesn’t have access control mechanism for shared memory and the vulnerability enables malicious application to access or modify values in shared memory, resulting in arbitrary code execution or privilege escalation.
The patch mitigates the risk by checking the values stored in shared memory and demoting the privilege of the service.


SVE-2016-5980: Null pointer dereference issue with socket

Severity: Medium
Affected versions: KK(4.4), L(5.0/5.1), M(6.0) devices which have following combinations: AP + CP MDM9x35, or Qualcomm Onechip (MSM8909, MSM8996, MSM8916, and so on)
Reported on: April 12, 2016
Disclosure status: Privately disclosed.
IPC socket code does not check null objects properly and a null deference would cause a system crash. A malicious attacker may exploit this vulnerability to crash the system.
The patch introduces a routine to filter out null objects to prevent null pointer dereference.


¹ Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements

We truely appreciate the following researchers for helping Samsung to improve the security of our products.

- Mark Brand of Google Project Zero : SVE-2016-5953
- Tim Xia of Baidu : SVE-2016-5980

0 comments:

Post a Comment