News

September 2021 Samsung One UI Security patch details

Published

on

Samsung has released the security patch details for September 2021 Security Update. This patch contains fixes provided by Google and Samsung for maintaining the system stability of the devices. It’ll fix various issues and vulnerabilities to strengthen the device’s security.

Eligible Galaxy devices working on Android-based One UI custom skin will gradually receive the security update. Besides, the announcement of the Android 12 based One UI 4.0 beta release drew user’s attention to the Galaxy S21 smartphones. Alongside the native users, the US and German regions could be the first to grab the One UI 4 Beta built.

Presently, let’s focus on the Samsung One UI September 2021 security patch details and explore what Samsung has fixed in this security bulletin-

Android Security Bulletins:

Google has fixed an overall 57 CVEs that includes 3 with critical, 29 with high, and 14 with moderate severities. Furthermore, it also brings 2 CVEs that have already been included with the previous updates and 9 that are not applicable on the Galaxy devices. The details are mentioned below-

  • Critical: CVE-2021-1972, CVE-2021-1976, CVE-2021-0687
  • High: CVE-2021-28375, CVE-2020-14381, CVE-2021-0582, CVE-2021-0578, CVE-2021-0579, CVE-2021-0580, CVE-2021-0581, CVE-2021-30261, CVE-2021-30260, CVE-2021-1939, CVE-2021-1947, CVE-2021-1904, CVE-2021-0639, CVE-2019-10581, CVE-2021-0518, CVE-2021-0595, CVE-2021-0683, CVE-2021-0684, CVE-2021-0685, CVE-2021-0688, CVE-2021-0686, CVE-2021-0689, CVE-2021-0690, CVE-2021-0598, CVE-2021-0692, CVE-2021-0428, CVE-2021-0644, CVE-2021-0682, CVE-2021-0693
  •  Moderate: CVE-2021-0565, CVE-2021-0556, CVE-2021-0562, CVE-2021-0566, CVE-2021-0536, CVE-2021-0537, CVE-2021-0538, CVE-2021-0539, CVE-2021-0547, CVE-2021-0548, CVE-2021-0553, CVE-2021-0549, CVE-2021-0552, CVE-2021-0691
  • Already Included in Previous Updates: CVE-2021-1919, CVE-2021-1916, CVE-2021-1920, CVE-2021-0573, CVE-2021-0574, CVE-2021-0576, CVE-2021-1914, CVE-2021-1978, CVE-2020-3633
  • Not Applicable to Samsung Devices: CVE-2021-3347, CVE-2021-0564

Samsung Vulnerabilities and Exposures:

Aside from the Google patches, the September 2021 One UI security details bulletin provides fixes to 23 SVE (Samsung Vulnerabilities and Exposures). Among these 23 SVEs, the company only described 14 in which 7 have moderate severity, 2 have high, and the rest 5 have low-level severity. Below you can check the further information about the described fixes-

  • SVE-2021-21619 (CVE-2021-25457): Kernel Information Disclosure in the Vision DSP Kernel Driver
  • SVE-2021-21943 (CVE-2021-25450): Path traversal vulnerability in FactoryAirCommandManager
  • SVE-2021-22094 (CVE-2021-25449): Arbitrary code execution on media extractor process
  • SVE-2021-21959 (CVE-2021-25452): Kernel Permanent Denial of Service Vulnerability in the Vision DSP Kernel Driver
  • SVE-2021-21041 (CVE-2021-25453): Leak Bluetooth information through Broadcast in Bluetooth app
  • SVE-2021-21620 (CVE-2021-25458): NULL pointer dereference vulnerability in the ION Driver
  • SVE-2021-22602 (CVE-2021-25459): Improper access control in BlockChainService
  • SVE-2021-22603 (CVE-2021-25460): Improper access control in BlockChainService
  • SVE-2021-22411 (CVE-2021-25461): APAService Stack Overflow
  • SVE-2021-21413 (CVE-2021-25451): Sensitive information disclosure in NetworkPolicyManagerService
  • SVE-2021-22278 (CVE-2021-25454): OOB read vulnerability in ‘libsaacextractor.so’
  • SVE-2021-22291 (CVE-2021-25455): OOB read vulnerability in ‘libsaviextractor.so’
  • SVE-2021-22343 (CVE-2021-25456): OOB read vulnerability in ‘libswmfextractor.so’
  • SVE-2021-21969 (CVE-2021-25462): Null Pointer Dereference vulnerability in the NPU Driver

These patches will fix the internal threads and protect the devices from external threats. Users are recommended to download Samsung’s September 2021 One UI security update as soon it reaches their devices.

Copyright © 2022 Huaweicentral.com