Smartphone giant Samsung has released the full details of its January 2018 mobile security patch. Along with a number of its own fixes and many from Google, the patch includes six key fixes from outside security researchers. The base Android Security Bulletin from Google is included in the patch, comprising five critical vulnerability fixes and a large number of high-severity fixes. A large number of the fixes from the Android Security Bulletin are not included because they're not applicable to Samsung devices for one reason or another. Samsung provides a grand total of 13 of its own patches in this update that are specifically meant to fix vulnerabilities in Galaxy devices, and it's in this bunch of fixes that the six from outside researchers can be found.
The Samsung-specific fixes on offer span a range of severity levels. Among these, the first critical fix is one meant to keep remotely delivered malicious code from executing on a device. Another critical fix pertains to Samsung's Trustlet code and addresses a stack overflow vulnerability that could theoretically allow attackers to obtain a user's device access data, such as a lockscreen pattern or device password, through brute force. This one is especially scary because that exact sort of data could allow somebody to access encrypted data on a device. A buffer overflow vulnerability that could cancel out baseband checks and balances on Exynos devices was also patched, protecting them from unauthorized access that includes unlocking the device's bootloader, rooting it, or running unsigned code at boot.
Samsung's newest security patch has not officially made its way to any devices just yet. Samsung's flagship devices like the Galaxy S8 and Galaxy Note 8 are extremely popular in some markets, but its mid-range and budget devices are selling quite well worldwide. In recent months, mid-rangers like the Galaxy J series have tended to get patches first, serving a larger swath of Samsung's user base more quickly. This pattern is quite likely to continue for the foreseeable future, which likely means that these devices will see the patch first, followed by flagships, then finally ultra-budget and older devices.