8/9/16

Samsung Android Security Updates

SMR-AUG-2016


Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process.
This SMR package includes patches from Google and Samsung.

Google patches include patches up to Android Security Bulletin – August 2016 package.

The Bulletin (August 2016) contains the following CVE items:
CVE-2016-3819(C), CVE-2016-3820(C), CVE-2016-3821(C), CVE-2016-3822(H), CVE-2016-3823(H), CVE-2016-3824(H), CVE-2016-3825(H), CVE-2016-3826(H), CVE-2016-3827(H), CVE-2016-3828(H), CVE-2016-3829(H), CVE-2016-3830(H), CVE-2016-3831(H), CVE-2016-3832(M), CVE-2016-3833(M), CVE-2016-3761(M), CVE-2016-2842(M), CVE-2016-3834(M), CVE-2016-3835(M), CVE-2016-3836(M), CVE-2016-3837(M), CVE-2016-3838(M), CVE-2016-3839(M), CVE-2016-3840(C), CVE-2016-3853(M), CVE-2016-2497(M), CVE-2016-3751(H), CVE-2016-3746(H), CVE-2016-3747(H), CVE-2016-2107(H), CVE-2016-2503(C), CVE-2016-2067(C), CVE-2016-3775(C), CVE-2014-9781(H), CVE-2015-8890(H), CVE-2016-3792(H), CVE-2016-3797(H), CVE-2016-3803(H), CVE-2016-2068(H), CVE-2016-3809(H), CVE-2016-0723(M), CVE-2015-3847(M), CVE-2016-2468(C), CVE-2016-2475(H), CVE-2016-2066(H), CVE-2016-2469(H), CVE-2016-2472(H), CVE-2016-2480(H), CVE-2016-2493(H), CVE-2016-2431(C), CVE-2015-6639(C), CVE-2015-6647(C), CVE-2016-2438(H), CVE-2016-2443(H), CVE-2015-6626(H), and CVE-2015-3872(C).
* Severity : (C)-Critical,   (H)-High,   (M)-Moderate,   (L)-Low

※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 8 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices¹.
Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2016-6008: SideSync Security Issue

Severity: High
Affected versions: M(6.0)
Reported on: April 20, 2016
Disclosure status: This issue is publicly known.
Activating the SideSync application before finishing Setup Wizard stage enables bypass of FRP by installing malicious applications.
The patch blocks activation of the SideSync application before finishing Setup Wizard stage.


SVE-2016-6242: Possible Privilege Escalation in telecom

Severity: Medium
Affected versions: L(5.0/5.1), M(6.0)
Reported on: May 11, 2016
Disclosure status: Privately disclosed.
A vulnerability in SpamCall Activity components of Telecom application can make crash and reboot a device when the malformed serializable object is passed.
The patch complements the exception handling routine to prevent crash.


SVE-2016-6244: Possible Privilege Escalation in telecom

Severity: Medium
Affected versions: L(5.0/5.1), M(6.0)
Reported on: May 11, 2016
Disclosure status: Privately disclosed.
The vulnerability in SmartCall Activity components of Telecom application can make crash and reboot a device when the malformed serializable object is passed.
The patch complements the exception handling routine to prevent crash.


SVE-2016-6382: fimg2d NULL Pointer Dereference

Severity: Medium
Affected versions: L(5.0/5.1), M(6.0) devices with Exynos7420 chipset
Reported on: June 7, 2016
Disclosure status: Privately disclosed.
The vulnerability exists due to a null pointer dereference on fimg2d driver.
The patch verifies if the object is null before dereferencing it.


SVE-2016-6542: OMACP message parsing vulnerabilities

Severity: Medium
Affected versions: KK(4.4), L(5.0/5.1), and M(6.0)
Reported on: June 21, 2016
Disclosure status: Privately disclosed.
The lack of exception handling for the OMACP message which has an empty field of WIFI profile, throws an exception error and leads to device reboot by Android Runtime Crash.
The patch applied an exception handling routine for an empty field of WIFI profile.


¹ Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements

We truely appreciate the following researchers for helping Samsung to improve the security of our products.

- Zhaozhanpeng of Cheetah Mobile : SVE-2016-6242 (CVE-2016-6526), SVE-2016-6244 (CVE-2016-6527)
- James Fang and Anthony LAOU HINE TSUEI of Tencent Keen Lab : SVE-2016-6382
- Tom Court of Context : SVE-2016-6542

0 comments:

Post a Comment