Samsung security patch details April 2020

The company has now revealed the details of the April 2020 security patch.

In the April 2020 security patch, the organization fixed 14 critical vulnerabilities in the Android OS, alongside a few high and moderate-risk vulnerabilities.

ISSUES FIXED

• Multiples vulnerabilities in Fingerprint trustlet including a possible arbitrary memory overwrite, buffer non-initialize and leakage of address information allow arbitrary code execution. The patch adds proper input validation and buffers initialize and correct implementation of kernel logging.
• Certain floating icons allow unauthorized access to applications in Secure Folder. The patch adds a proper check for applications with the floating icon.
• A vulnerability allows access to clipboard contents on a locked device via Google Assistant. The patch removes options for showing editing text from the keyboard while the device is locked.
• A lack of a check for param type in MLDAP trust with TEEGRIS allows arbitrary code execution. The patch adds a proper check of param type.
• An invalid input check vulnerability in MLDAP trust with TEEGRIS allows out of bounds read. The patch adds proper boundary check code to prevent out of bounds read.
• A vulnerability in NFC allows exposure of potentially sensitive information from the dumpster. The patch addresses the log of the transaction from NFC.
• A vulnerability in recent task leaks preview of applications in Secure Folder while in a locked state. The patch addressed the issue in Secure Folder.
• A lack of status check logic for Lockdown mode in the Edge Lighting application allows notification exposure. The patch adds code to check the Lockdown status in the Edge Lighting application.
• The Kr00k vulnerability may allow an attacker to decrypt some WPA2-Personal/Enterprise traffic by forcing an AP/client to start utilizing an all-zero encryption key. The patch addressed the issue.

Note: Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

APRIL 2020 SECURITY PATCH:

• Galaxy Note 10+
• Galaxy Note 10 Lite
• Galaxy S10e
• Galaxy S10
• Galaxy S10+
• Galaxy Note 9
• Galaxy Note 8
• Galaxy A50
• Galaxy S8
• Galaxy S20
• Galaxy S20+
• Galaxy S20 Ultra
• Galaxy Note 10

Follow Us:

Facebook: Next News Source
Twitter: Next News Source
Telegram: Next News Source