As happens at the beginning of every month, the smartphone makers that are most timely with software updates start rolling out the latest available security patches through OTA (over-the-air) updates. Samsung is one of the most proactive smartphone brands in this respect, as it quickly applies the latest security fixes to a great many of its smartphones and tablets.
On a monthly basis, devices benefit from upgrades that are essential to user safety, along with the bug fixes that every security update brings. This month, too, Samsung has broken down the details of the security fixes it implemented. Let's go through the problems resolved by the latest available patch, the May 2024 security patches.
Samsung is very attentive when it comes to security upgrades and the protection of its users. This is shown not only by the flow of updates that bring new features and all kinds of improvements to its devices, but also by the security updates it issues on a monthly basis.
In this effort Samsung is not alone: it is accompanied by Google, which is in charge of providing a host of general security fixes for Android devices. These are eventually incorporated into the monthly security updates that the various manufacturers release for their respective devices. This month, therefore, in the update that Samsung is preparing to distribute, there are 33 fixes provided directly by the Mountain View giant, applicable as mentioned to all Android devices (two of which are not applicable to Galaxy devices and one already included in previous updates), which we report below in detail:
Critical risk
CVE-2023-28582, CVE-2024-23706, CVE-2024-23700
High risk
CVE-2024-0042, CVE-2024-20039, CVE-2024-20040, CVE-2024-21463, CVE-2023-33115, CVE-2023-33096, CVE-2023-33103, CVE-2023-33084, CVE-2023-33095, CVE-2023-33104, CVE-2023-33086, CVE-2023-33101, CVE-2023-33100, CVE-2023-33099, CVE-2024-21468, CVE-2024-21472, CVE-2024-0024, CVE-2024-0025, CVE-2024-23705, CVE-2024-23708, CVE-2024-0043, CVE-2024-23707, CVE-2024-23709, CVE-2024-23703, CVE-2024-23701, CVE-2024-23702
Moderate risk
CVE-2024-20021
In addition, for issues specific to Galaxy phones, Samsung supplements the security patches from Google with a range of fixes of its own. The May 2024 security patches include 12 fixes for 12 vulnerabilities whose risk level ranges from moderate upward. Not all of them are disclosed in detail, since even part of a detailed description might be enough to exploit them. Below is what the company itself shared about the Samsung Vulnerabilities and Exposures (SVE) fixed with the latest available security update:
SVE-2023-1778 (CVE-2024-20866): Authentication bypass vulnerability in Setupwizard (medium risk).
SVE-2023-2193 (CVE-2024-20855): Improper access control vulnerability in current multitasking transport system (moderate risk).
SVE-2023-2265 (CVE-2024-20856): Improper authentication in Secure Folder (moderate risk).
SVE-2024-0041 (CVE-2024-20857): Malicious code injection via the CocktailBarService interface (moderate risk).
SVE-2024-0042 (CVE-2024-20858): Insufficient allocation of rights to access CocktailBarService (medium risk).
SVE-2024-0070 (CVE-2024-20859): Improper access control in FactoryCamera that can be exploited to bypass network protection (high risk).
SVE-2024-0071 (CVE-2024-20860): Large gaps in the exporting of Android applications.
SVE-2024-0092 (CVE-2024-20861): Vulnerability in SveService (medium risk).
SVE-2024-0096 (CVE-2024-20862): Out-of-bounds write in SveService (moderate risk).
SVE-2024-0185 (CVE-2024-20863): Input validation issues (two vulnerabilities) in SNAP, in the configuration setting of the autopilot (HAL) (moderate risk).
SVE-2024-0234 (CVE-2024-20865): Fault in the bootstrap loader (very high risk).
SVE-2024-0357 (CVE-2024-20864): Injection defect in the AllowAccessControl function (medium risk).
Through these latest monthly security patches, the company improves on older, outdated versions of the software by resolving a broad range of problems and issues.