Samsung details March 2019 security patch


Samsung details March 2019 security patch

Samsung has released the security patch details for March 2019, which fixes the different level of exploits and issues within Samsung phones. There are issues with the operating system, kernel patches, and driver updates may not affect any particular device, but need to be fixed in the Android operating system covered by monthly updates. Samsung is releasing a maintenance release for its phones as part of the monthly Security Maintenance Release (SMR) process.

This month's SMR package includes patches from Google and Samsung, providing fixes to 11 Samsung Vulnerabilities and Exposures (SVE) items, some of them are followings:

TCP SYN Packet Denial of Service Vulnerability on the WIFI Interface:

Severity - High

Vulnerability - A vulnerability in WIFI allows denial of service due to memory exhaustion from TCP SYN flooding attack.

Fix - The patch prevents memory exhaustion when TCP SYN flooding attack is detected.

Unauthorized access to sensitive information in Allshare:

Severity - High

Vulnerability - A vulnerability in Allshare fileshare service allows unauthorized access to device sensitive information.

Fix - The patch modifies the storage path of device information to sandboxed area for protection.

 



 

Leakage of private mode content's thumbnail:

Severity - Moderate

Vulnerability - A vulnerability in Gallery leaks Private Mode thumbnail contents.

Fix - The patch modifies handling of cache file to disabled access to Private Mode.

Preview exposure of Secure Folder:

Severity - Moderate

Vulnerability - A vulnerability in Secure Folder allows exposure of preview in recent apps.

Fix - The patch fixes Secure Folder to protect preview in recent apps.

Unpinning of app without authentication:

Severity - Moderate

Vulnerability - A vulnerability in Pin Window feature allows unpinning of app without authentication.

Fix - The patch fixes Pin Windows to enforce authentication when unpinning the app.

Secure startup bug:

Severity - Moderate

Vulnerability - A vulnerability in Secure Startup feature allows exposure of keyboard suggested words.

Fix - The patch blocks Samsung Keyboard from showing suggested words in the Secure Startup.

Security settings modifications without authentication:

Severity - High

Vulnerability - A vulnerability in Settings allows security settings modifications without authentication via certain unprivileged activities.

Fix - The patch fixes Settings to protect component from unprivileged activities.