
Samsung fixed vulnerabilities in its Galaxy devices

Samsung has released the SMR-JAN-2016 update for its Android devices, which closes 16 vulnerabilities in the OS and firmware. Nine of these relate directly to Android and were corrected by Google as part of the Nexus Security Bulletin update - January 2016, which we wrote about earlier. The other seven vulnerabilities are of the Samsung Vulnerabilities and Exposures (SVE) type and are found in Samsung services or code running on Android.



Two SVE vulnerabilities, SVE-2015-5109 (Samsung Galaxy S6: android.media.process Face Recognition Memory Corruption) and SVE-2015-5110 (Samsung Galaxy S6: libQjpeg je_free Crash), are rated Critical and can allow attackers to remotely execute code on the device or cause it to turn off. The update applies to the company's device models such as the Galaxy S5, S6, S6 edge, S6 edge+, Note 4, Note 5 and Note Edge running Android 4.4 (KitKat) and higher.
The SVE-2015-4958 vulnerability (msm_sensor_config security issues) is present in the msm_sensor_config component and allows attackers to cause memory corruption.

The SVE-2015-5081 vulnerability (Exposed provider and SQLi in SecEmailSync) in the SecEmailSync component allows ordinary applications to access the contents of the mailbox.

The SVE-2015-5109 vulnerability (Samsung Galaxy S6: android.media.process Face Recognition Memory Corruption) in the libfacerecognition face recognition library allows malicious code to be executed when this component scans a specially crafted BMP image file.

The SVE-2015-5110 vulnerability (Samsung Galaxy S6: libQjpeg je_free Crash) in the libQjpeg.so library can be used by attackers to cause memory corruption.

The SVE-2015-5131 vulnerability (FRP / RL Bypass issue by hacking tools) in the bootloader allows various illegitimate tools to use the Odin protocol to bypass Factory Reset Protection, the mechanism that protects the device against a reset.

The SVE-2015-5133 vulnerability (IAndroidShm IAPAService service DoS) in the implementation of system services allows an attacker to crash the device.

We encourage users to update their devices.

be secure.

Source: https://habr.com/ru/post/276117/

