Samsung has begun rolling out Android's November security updates to the Samsung Galaxy S20 (opens in new tab) and its other Galaxy smartphones in order to patch a number of serious security vulnerabilities in the operating system.
The update follows the release of the latest Android Security Bulletin (opens in new tab) for November 2020 which contains details of security vulnerabilities affecting all Android smartphones and not just Samsung devices.
Samsung Galaxy devices are now automatically downloading the new software update which improves the stability of the Camera app, Wi-Fi connectivity and also includes several significant security updates.
- We've assembled a list of the best VPN (opens in new tab) services on the market
- Keep your smartphone protected with one of the best Android antivirus apps (opens in new tab)
- Also check out our roundup of the best privacy apps for Android (opens in new tab)
Owners of Samsung smartphones (opens in new tab) are highly encouraged to install the new update as almost all of the vulnerabilities it addresses have either a High or Critical severity rating. If left unpatched, these bugs could be exploited by an attacker to achieve remote code execution, privilege escalation or Denial of Service (DoS) on a vulnerable device.
Android security update
According to the Android security bulletin, the new update patches a number of vulnerabilities in the operating system's framework, media framework and system.
In the framework there are two critical DoS bugs, two high severity privilege escalation bugs, a high severity information disclosure bug and finally a high severity DoS bug. The update also patches one critical and one high remote code execution bug in Android's media framework as well as one high severity escalation of privilege bug and one moderate one.
When it comes to the Android system itself, the update addresses four high severity information disclosure bugs, one high severity escalation of privilege bug, one high severity DoS bug and a critical remote code execution bug. The Android Security Bulletin explains that the critical security vulnerability in Android's system component is the most severe of all the bugs patched, saying:
“The most severe of these issues is a critical security vulnerability in the System component that could enable a proximal attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.”
While most Samsung Galaxy smartphones will receive the latest security update fixing all of the bugs detailed above, select Galaxy devices such as the Galaxy S10 5G (opens in new tab) have received a security patch from a few days earlier that does not address all of the vulnerabilities present in the Android operating system.
- We've also highlighted the best business smartphones (opens in new tab)
Via BleepingComputer (opens in new tab)