Updates

List of Samsung devices that will get monthly and quarterly security updates [April]

By Joshua Benjie

Posted on April 7, 2020

Samsung has now revealed the details of the April 2020 security patch. Along with Google security patches, Samsung provides 34 Samsung Vulnerabilities and Exposures (SVE) items, in order to improve customer’s confidence in the security of Samsung Mobile devices.

One UI 3.0: list of eligible Samsung devices that will get the Android 11

In the April 2020 security patch, the company fixed 14 critical vulnerabilities in the Android OS, along with several high and moderate-risk vulnerabilities.

Join our Samsung Channel on Telegram:

Issues fixed in the April 2020 security patch:

Multiples vulnerabilities in Fingerprint trustlet including a possible arbitrary memory overwrite, buffer non-initialize and leakage of address information allow arbitrary code execution. The patch adds proper input validation and buffer initialize, and corrects implementation of kernel logging.
Certain floating icons allow unauthorized access to applications in Secure Folder. The patch adds proper check for applications with floating icon.
A vulnerability allows access to clipboard contents on a locked device via Google Assistant. The patch removes options for showing editing text from the keyboard while the device is locked.
A lack of check for param type in MLDAP trustlet with TEEGRIS allows arbitrary code execution. The patch adds proper check of param type.
An invalid input check vulnerability in MLDAP trustlet with TEEGRIS allows out of bounds read. The patch adds proper boundary check code to prevent out of bounds read.
A vulnerability in NFC allows exposure of potential sensitive information from dumpstate. The patch addresses the log of transaction from NFC.
A vulnerability in recent task leaks preview of applications in Secure Folder while in locked state. The patch addressed the issue in Secure Folder.
A lack of status check logic for Lockdown mode in Edge Lighting application allows notification exposure. The patch adds code to check the Lockdown status in Edge Lighting application.
The Kr00k vulnerability may allow an attacker to decrypt some WPA2-Personal/Enterprise traffic by forcing an AP/client to start utilizing an all-zero encryption key. The patch addressed the issue.