Samsung's May 2017 Security Update Features 65 Fixes

Samsung has outed the contents of its May 2017 Android security patch that will be pushed out to Samsung devices in the near future, and on top of the latest Android Security Update from Google that ships with 54 fixes, the software package also contains 11 Galaxy-specific vulnerability fixes. On Google's side, the May patch is quite large, and is mostly made up of fixes to core Android components like the Mediaserver and Framework. On Samsung's side, the fixes are mostly patch-ups for exploits that can be used to attack a device. The exploits are all privately disclosed for now, withholding key details of how they work to keep them from being exploited before the patch is fully distributed.

The fixes that Samsung did disclose include a vulnerability that allows a hacker to use a reboot system call to crash a phone, system crash vulnerabilities related to Wi-Fi, holes in Java handling that enables local denial of service attacks, a bug that allowed hackers to disable the location service of locked phones to avoid being tracked down with stolen goods, and a bug in the "tima" service that could lead to a kernel panic if exploited. Outside of Samsung's own people, the company gave special thanks to qihoo360's Vulpecker Team, Kryptowire's Ryan Johnson, and Angelos Stavrou, as well as a private security researcher known only as "Zane".

April's security patch from Samsung was a bit larger in scale, including 19 fixes of their own on top of Google's April patch. A number of notable bugs was eliminated with that update, including GPU driver issues for certain devices, a bug that could be exploited to cause a device to go into a factory reset, and a particularly troublesome permission bug that could leak a user's system log files to a hacker and make it easier for them to steal critical data. As with all Samsung-made patches, this is only the base level of the patch being detailed out, and some devices will get specific fixes as the patch starts rolling out. Some glitches that are privately disclosed may end up being fully disclosed, and some bugs that are confidential for the time being could come to light at a later date.

You May Like These
More Like This:
About the Author
2018/10/Daniel-Fuller-2018.jpg

Daniel Fuller

Senior Staff Writer
Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, AI technology development, and hot gaming news in the Android world. Contact him at [email protected]
Android Headlines We Are Hiring Apply Now