Samsung Mobile Security
<!DOCTYPE html> <html lang="en"> <head> <!--HTTP 1.1--> <meta charset="UTF-8" /> <meta http-equiv='X-UA-Compatible' content='IE=edge' /> <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=no" /> <link rel="stylesheet" href="/jquery/css/basic.css" type="text/css" /> <link rel="stylesheet" href="/./external/attach/css/attachment.css" /> <script src="/./jquery/jquery-1.12.2.js" type="text/javascript"></script> <script src="/./jquery/jquery-ui/jquery-ui.js" type="text/javascript"></script> <script src="/./jquery/validation/sdp.validate.js" type="text/javascript"></script> <script src="/./jquery/jquery.simplemodal.js" type="text/javascript"></script> <script src="/./js/portalCommon.js" type="text/javascript"></script> <script src="/./js/numberFormat.js" type="text/javascript"></script> <script src="/./js/menu.js" type="text/javascript"></script> <script src="/./js/common.js" type="text/javascript"></script> <script src="/./js/commonCalendar.js" type="text/javascript"></script> <script src="/./js/billboard/d3.min.js" charset="utf-8"></script> <script src="/./js/billboard/billboard.min.js"></script> <link href="/./js/billboard/billboard.min.css" rel="stylesheet"> <link rel="stylesheet" href="/css/style.css?ver=20241008_a2" type="text/css" /> <!-- <link rel="stylesheet" href="/css/error.css" type="text/css" /> --> <!--[if IE]> <script src="/./js/html5.js"></script> <![endif]--> <title>Samsung Mobile Security</title> <link rel="shortcut icon" href="./images/common/favicon.ico" type="image/x-icon"> <link rel="icon" href="./images/common/favicon.ico" type="image/x-icon"> <script type="text/javascript"> var contextPath="/."; var language = 'en_US'; // 2022-10-27 session time out check if('' != ""){ sessionCheck(); } var sameSiteVal = ["Lax;", "None; Secure", "stric;"]; document.cookie = 'LANGUAGE=; expires=Thu, 01 Jan 1970 00:00:01 GMT; SameSite='+sameSiteVal[0]; //document.cookie = 'LANGUAGE=; expires=Thu, 01 
Jan 1970 00:00:01 GMT;'; var cookieAccept = 'null'; $(document).ready(function() { /* 2023-10-10 버튼 효과 삭제 $(".menu > li").on("click", function(){ $(this).children("a").addClass("on"); }); */ //개인화 메뉴 펼치기 $(".personal_menu").click(function(){ $(".personal_box").slideToggle("fast"); $('.close_search').hide(); $('.wrap_search .wrap_input').hide(); $('.open_search').css('visibility','visible'); }); //mobile_ 메뉴 펼치기 $(".m_btn_menu").click(function(){ $(this).hide(); $('.m_btn_menu_close').show(); $('.wrap_m_menu').slideDown('fast'); $('.back_bg').fadeIn('fast'); }); $(".m_btn_menu_close").click(function(){ $(this).hide(); $('.m_btn_menu').show(); $('.wrap_m_menu').slideUp('fast'); $('.back_bg').fadeOut('fast'); }); //상단 검색 $('.open_search').click(function(){ $(".personal_box").slideUp("fast"); $('.wrap_search .wrap_input').show(); $(this).css('visibility','hidden'); $('.close_search').show(); $('.wrap_search .wrap_input').focus(); }); $('.close_search').click(function(){ $(this).hide(); $('.wrap_search .wrap_input').hide(); $('.open_search').css('visibility','visible'); }); $("#androidUpdatesMobileKey,#androidUpdatesWebKey").keydown(function (key) { if(key.keyCode == 13){//키가 13이면 실행 (엔터는 13) androidUpdatesSearch(this.id); } }); // 20210511 - 메뉴 슬라이드 $(".menu").hover(function(){ $(".submenu").show(); $(".submenu_bar").show(); /* if ($("#header").hasClass("menu_fix")){ } else { $(".submenu").show(); $(".submenu_bar").show(); } */ }).mouseleave(function(){ $(".submenu").hide(); $(".submenu_bar").hide(); }) //menu fixed function eventMenuFix(){ var menu = $('.mh'); var menu_offset = $('.mh').offset(); var submenu = $('.submenu'); $(window).scroll(function(){ if ($(this).scrollTop() >= menu.height() && $(window).width() > 1023){ menu.addClass('menu_fix'); }else { menu.removeClass('menu_fix'); }; }); }; if($(window).width() > 1023){ $('#header').addClass('mh'); eventMenuFix(); }else if($(window).width() < 1023){ $('#header').removeClass('mh'); eventMenuFix(); }; 
eventMenuFix(); //top btn $(".mtop_wrap button.mtop").click(function(){ $("html, body").animate({scrollTop:0}, 400); }); $("button.wtop").click(function(){ $("html, body").animate({scrollTop:0}, 400); }); // 쿠키 설정 확인 if( cookieAccept != 'Y' ) { //alert('aa'); //$(".fullscreen").removeClass('none'); setTimeout("createCookie()", 1000); } // 20210504 - Cookies Layer $(".txt_link_cookies, .btn_footer_cookie").on("click",function(){ $("#cookies_layer").fadeIn(); }) $("a.btn_cookies_close").on("click",function(){ $("#cookies_layer").fadeOut(); }) // 20210504 - Cookie-banner close $("a.btn_cookie_banner_close").on("click",function(){ $(".fullscreen").fadeOut(); }) }); function createCookie(){ $(".fullscreen").fadeIn(); //$(".fullscreen").slideUp(); } function movePage(pageUrl) { var d = new Date(); var timeZoneHour = d.getTimezoneOffset() / 60; timeZoneHour = -1 * timeZoneHour; $("input[name='timeZoneHour']").val(timeZoneHour); document.menuMoveForm.action=pageUrl; document.menuMoveForm.submit(); } function androidUpdatesSearch(searchObj) { var androidSearchText = $("#"+searchObj).val(); var pattern = /^[a-zA-Z0-9|-]*$/; if(androidSearchText=="") { alert('Please enter the search word.'); } else if(pattern.test(androidSearchText)) { $("#androidSearchText").val(androidSearchText); document.androidUpdatesSearchForm.submit(); } else { alert('You can not enter characters other than uppercase and lowercase letters, numbers, "-".'); } } function goCookieAccept() { var params = {}; $.ajax({ type:'POST', url:'/./cookieAccept.smsb', data:params, dataType:'json', async:false, success:function(ret) { hideLoading(); if( ret.success == true ) { $(".fullscreen").fadeOut(); cookieAccept = 'Y'; } else { alert("Please contact administrator!"); } }, error : function(request, err, ex) { hideLoading(); //alert('Please contact administrator'); alert("Please contact administrator" + "\n" + "code : " + request.status + "\n" + "message : " + request.responseText + "\n" + "error : " + err + "\n" + 
"ex : " + ex); } }); } function goLogin(){ /* if( cookieAccept != 'Y' ) { $(".fullscreen").fadeIn(); alert('If you continue to submit report, please accept cookies form this site.'); return; } */ var url = '/sa/anonymous/loginPage.do'; openPage(url); } function myFunction() { document.getElementById("myDropdown").classList.toggle("show"); } window.onclick = function(event) { var matches = event.target.matches ? event.target.matches('.dropbtn') : event.target.msMatchesSelector('.dropbtn'); if (!matches) { var dropdowns = document.getElementsByClassName("dropdown-content"); var i; for (i = 0; i < dropdowns.length; i++) { var openDropdown = dropdowns[i]; if (openDropdown.classList.contains('show')) { openDropdown.classList.remove('show'); } } } } </script> <script> </script> </head> <body> <!-- Cookie 설정 --> <div class="fullscreen visible"><div class="leica-overlay content-container"><div class="cookie-banner"> <a href="javascript:goCookieAccept();" class="btn_cookie_banner_close" data-role="accept-all-cookies">close</a> <div class="contentlayercontent"> <div class="cookie-banner__body row"> <div class="col"> <p class="cookie_banner_tit">Samsung Mobile Security and Cookies</p> <p>Our site uses essential cookies only. You can read our <a href="./privacy/global/privacy_notice.html" class="txt_link2" title="Privacy Policy" target="_blank">Privacy Policy</a> and <a href="javascript:void(0)" class="txt_link2 txt_link_cookies" title="Cookie Policy">Cookie Policy</a> for more information.</p> <!--<p>This site uses cookies to provide you the best user experience possible with optimized functionality. 
By continuing to use this site, you accept our <a href="./etc/cookiePreferences.html" class="txt_link2" title="Cookie Preferences">use of cookies</a>//--> </div> <!-- <div class="col span12"> <a href="javascript:goCookieAccept();" class="button" data-role="accept-all-cookies">Accept</a> </div> //--> </div> </div> </div></div></div> <!-- 210504 - Cookies Layer Popup --> <div id="cookies_layer"> <a href="javascript:void(0);" class="btn_cookies_close">close</a> <div class="cookies_layer_inner"> <h2>Samsung Mobile Security <br>Cookie Policy</h2> <p class="cookies_dates">Updated on Jan 17, 2022</p> <div class="cookies_cont"> <p class="cookies_cont_txt">This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.<br><br> It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.<br><br> Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at <a href="https://www.samsung.com/request-desk" class="txt_link2" target="_blank">https://www.samsung.com/request-desk</a>. 
</p> <p class="cookies_cont_txt c_center">You can also contact us at:</p> <p class="cookies_cont_txt_box c_center">European Data Protection Officer<br> Samsung Electronics (UK) Limited<br> Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS </p> <h4>Cookies</h4> <p class="cookies_cont_txt">Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.<br><br> We use the following types of cookies on this website:<br><br> <b>Essential Cookies</b>: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided. </p> <div class="cookies_cont_tb"> <table> <thead> <tr> <th>Cookie</th> <th>Domain</th> <th>Purpose</th> </tr> </thead> <tbody> <tr> <td>JSESSIONID</td> <td>security.samsungmobile.com</td> <td>to keep login session</td> </tr> <tr> <td>lastActivityTime</td> <td>security.samsungmobile.com</td> <td>to save the user's last activity time to automatically logout after 30 minutes of inactivity</td> </tr> </tbody> </table> </div> <h4>Managing Cookies and Other Technologies</h4> <p class="cookies_cont_txt">You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. 
You can find good and simple instructions on how to manage cookies on the different types of web browsers at <a href="http://www.allaboutcookies.org" class="txt_link2" target="_blank">http://www.allaboutcookies.org</a>.</p> </div> </div> </div> <!-- //210504 - Cookies Layer Popup --> <!-- skipnav --> <div id="skipnav"> <a href="#gnb">Go straight to the menu</a> <a href="#home">Go straight to the text</a> </div> <!-- //skipnav --> <!-- wrap --> <div id="wrap"> <!-- header --> <header id="header_wrap"> <div id="header" class="main_header"> <div class="header_inner"> <div class="wrap_top"> <h1 class="logo"><a href="/./main.smsb"><strong>Samsung </strong>Mobile Security</a></h1> <!-- web --> <div class="gnb" id="gnb"> <!-- menu --> <ul class="menu"> <li><a href="/./workScope.smsb">Security Updates</a> <ul class="submenu"> <li><a href="/./workScope.smsb">Scope</a></li> <li><a href="/./securityUpdate.smsb">Firmware Updates</a></li> <li><a href="/./serviceWeb.smsb">Other Updates</a></li> </ul> </li> <li><a href="/./securityReporting.smsb">Security Reporting</a> <ul class="submenu"> <li><a href="/./securityReporting.smsb">Reporting</a></li> <li><a href="/./securityReportingProcess.smsb">Process</a></li> <li><a href="/./securityReportingRiskClassification.smsb">Severity Classification</a></li> </ul> </li> <li><a href="/./rewardsProgram.smsb">Rewards Program</a> <ul class="submenu"> <li><a href="/./rewardsProgram.smsb">How it works</a></li> <li><a href="/./hallOfFameInfo.smsb">Hall of Fame</a></li> </ul> </li> <li><a href="/./securityPost.smsb">Security Post</a></li> </ul> <!-- //menu --> <div class="toplink"> <span class="t_btn_login"><a href="javascript:goLogin();" title="Go to login">Login</a></span> <!-- Search --> <div class="wrap_search"> <a href="javascript:;" class="open_search">Search</a> <a href="javascript:;" class="close_search" style="display:none">Search Close</a> <div class="wrap_input" style="display:none"> <input id="androidUpdatesWebKey" 
name="androidUpdatesWebKey" type="text" placeholder="Enter the search word(ex. CVE, SVE.. )" title="search" style="height:100%;border:0px;"> <a href="javascript:androidUpdatesSearch('androidUpdatesWebKey')" class="btn_search">Search</a> </div> </div> <!-- //Search --> <!-- [D]login 후 개인화 메뉴 --> </div> </div> <!-- //web --> </div> <!-- mobile --> <div class="wrap_mobile_menu"> <div class="m_toplink"> <button type="button" class="m_btn_menu" title="Total Menu">Total Menu</button> <button type="button" class="m_btn_menu_close" title="Close the entire menu">Close the entire menu</button> </div> <div class="wrap_m_menu"> <!-- Search --> <div class="wrap_m_search"> <div class="wrap_input"> <input type="text" id="androidUpdatesMobileKey" name="androidUpdatesMobileKey" placeholder="Enter the search word(ex. CVE, SVE.. )" title="search" style="height:100%;border:0px;"> <a href="javascript:androidUpdatesSearch('androidUpdatesMobileKey')" class="btn_search">Search</a> </div> </div> <!-- //Search --> <ul class="m_main_menu"> <li><a href="/./workScope.smsb">Security Updates</a></li> <li><a href="/./securityReporting.smsb">Security Reporting</a></li> <li><a href="/./rewardsProgram.smsb">Rewards Program</a></li> <li><a href="/./securityPost.smsb">Security Post</a></li> </ul> <ul class="m_personal_menu"> <li><a href="javascript:goLogin();" title="Go to login">Login</a></li> <!-- [D]login 후 개인화 메뉴 --> </ul> </div> <div class="back_bg"></div> </div> <!-- //mobile --> </div> <div class="submenu_bar"></div> </div> </header> <!-- //header --> <!-- 각 개발된 화면 UI 입력되는 Part --> <style> pre{ padding:10px; overflow: auto; white-space: pre-wrap; /* pre tag내에 word wrap */ } </style> <script type="text/javascript"> document.title = 'Security Updates Other Updates | Samsung Mobile Security'; $(document).ready(function() { $(".menu").find("li:eq(0)").find("a").addClass("on"); //아코디언 $(".accordion_banner .acc_title").click(function(e) { e.preventDefault(); $(".wrap_su_month a").removeClass("on"); 
var indx = $(this).data().a; var onMonth = $(this).data().b; if($(this).next("div").is(":visible")){ $(this).next("div").slideUp("fast"); $(this).children("a").removeClass("on"); $(this).children("a").attr("title","Detail view open"); //$(".wrap_ack").hide(); } else { $(".acc_sub").slideUp("fast",function() { fnMove(indx); }); $(".acc_title").children("a").removeClass("on"); $(this).next("div").slideToggle("fast",function() { fnMove(indx); }); $(this).children("a").addClass("on"); $(".wrap_su_month > ."+onMonth).addClass("on"); $(this).children("a").attr("title","Detail view closed"); //$(".wrap_ack").show(); } /* var mon = $(this).attr("id"); var showAck = "."+mon; $(".wrap_ack").find("div").hide(); $(showAck).show(); */ }); $(".su_year_box .close").click(function(e){ $(".su_year_box").slideToggle("fast"); }); //년도 닫기 $(".close_year").click(function(e){ $(".su_year_box").slideToggle("fast"); var year=$(this).text(); _search(year); $("#selyearOld").html(year+"<a href='javascript:void(0)' class='open_year'>Open selected window by year</a>"); $("#year").val(year); $(".open_year").click(function(e){ $(".su_year_box").slideToggle("fast"); }); }); //년도 펼치기 $(".open_year").click(function(e){ $(".su_year_box").slideToggle("fast"); }); //년도 펼치기 $(".prev").click(function(e){ var nowYear = $(".close_year:last").text(); var year=$("#selyear").text(); if(nowYear == year){ return; } _search(Number(year)-1); }); $(".next").click(function(e){ var nowYear = $(".close_year:first").text(); var year=$("#selyear").text(); if(nowYear == year){ return; } _search(Number(year)+1); }); /* $(".wrap_su_month .on").click(function(e){ clickMonth($(this).text()); var showAck = "."+$(this).text(); $(".wrap_ack").find("div").hide(); $(showAck).show(); }); */ $(".su_disc_btn").click(function(e){ e.preventDefault(); $("#su_disc").toggleClass('on'); }); //$(".wrap_ack").find("div:first").show(); $(".wrap_su_month a:last").addClass("on"); $(".wrap_su_month a").blur(); $(".acc_title 
a:first").addClass("on"); $(".acc_title a:first").attr("title","Detail view closed"); $(".acc_sub:first").css("display", "block"); //$('.ent').text($('.ent').html().replace(/<br\s?\/?>/g,"\n")); // var dbTxt = $('.ent').html(); // dbTxt = dbTxt.replace(/<br>/g, '\n'); // $('.ent').text()=dbTxt; var monthArray = ['January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December'] var pMonth = getParam('month'); if(pMonth) { var $month = $('.wrap_su_month').find('.' + monthArray[pMonth - 1]).not('.on'); if($month.length) { $month.trigger('click'); } } }); // url 에서 parameter 추출 function getParam(sname) { var params = location.search.substr(location.search.indexOf("?") + 1); var sval = ""; params = params.split("&"); for (var i = 0; i < params.length; i++) { temp = params[i].split("="); if ([temp[0]] == sname) { sval = temp[1]; } } return sval; } function _search(year) { var url = openPageUrl('/serviceWeb.smsb'); $("#year").val(year); document.searchForm.action=url; document.searchForm.submit(); $("#year").val(year); } function clickMonth(total,cnt,mon) { var id = "#"+mon; $(".wrap_su_month a").removeClass("on"); if($(id).next("div").is(":visible")){ $(id).next("div").slideUp("fast"); $(id).children("a").removeClass("on"); $(id).attr("tabindex", -1).focus(); $(id).children("a").attr("title","Detail view open"); //$(".wrap_ack").hide(); } else { $(".acc_sub").slideUp("fast",function() { var indx = total - cnt; fnMove(indx) $(id).children("a").addClass("on"); $(".wrap_su_month > ."+mon).addClass("on"); }); $(".acc_title").children("a").removeClass("on"); $(id).next("div").slideToggle("slow",function() { var indx = total - cnt; fnMove(indx); $(id).children("a").addClass("on"); $(".wrap_su_month > ."+mon).addClass("on"); }); $(id).children("a").attr("title","Detail view close"); //$(".wrap_ack").show(); } } function moveCont(total,cnt,mon){ clickMonth(total,cnt,mon); var showAck = "."+mon; 
//$(".wrap_ack").find("div").hide(); $(showAck).show(); } function fnMove(seq){ var windowWidth = $( window ).width(); var pos = 62; if(windowWidth <1010){ pos = 0; } var offset = $("#" + seq).offset(); $('html, body').animate({scrollTop : offset.top-pos}, 0); } </script> <form id="serviceWeb" name="searchForm" action="/serviceWeb.smsb" method="post"> <input id="year" name="year" type="hidden" value="2024"/> <!-- container --> <div id="container"> <div class="sub_visual_rn"> <span class="svrn1"></span> <div class="breadcrumb_rn"> <div> <a href="/main.smsb" class="ico_home" title="Go to Home" id="home">Home</a><span class="ico_arw">></span><a href="/workScope.smsb">Security Updates</a><span class="ico_arw">></span><em>Other Updates</em> </div> </div> </div> <div class="page_tit"> <h2 class="page_tit_wht">Security Updates</h2> </div> <div class="wrap_sub_menu"> <ul class="sub_menu"> <li><a href="/workScope.smsb"><span>Scope</span></a></li> <li><a href="/securityUpdate.smsb"><span>Firmware Updates</span></a></li> <li class="on"><span>Other Updates</span></a></li> </ul> </div> <!-- contents --> <div id="contents"> <div class="list_su_calendar"> <!-- top_calendar --> <div class="su_calendar"> <div class="su_year"> <div class="su_move"> <a href="javascript:;" class="prev">Move to the previous year</a> <a href="javascript:;" class="next">Move to the next year</a> </div> <div id="selyear" style="display:none">2024</div> <p id="selyearOld">2024<a href="javascript:void(0)" class="open_year">Open selected window by year</a></p> <div class="su_year_box"> <ul> <li class="close_year"><a href="javascript:;">2024</a></li> <li class="close_year"><a href="javascript:;">2023</a></li> <li class="close_year"><a href="javascript:;">2022</a></li> <li class="close_year"><a href="javascript:;">2021</a></li> <li class="close_year"><a href="javascript:;">2020</a></li> <li class="close_year"><a href="javascript:;">2019</a></li> <li class="close_year"><a href="javascript:;">2018</a></li> </ul> 
<a href="javascript:;" class="close">Close selected window by year</a> </div> <div class="wrap_su_month"> <a class="January" href="javascript:void(0)" onclick="moveCont('11','1','January')">January</a> <a class="February" href="javascript:void(0)" onclick="moveCont('11','2','February')">February</a> <a class="March" href="javascript:void(0)" onclick="moveCont('11','3','March')">March</a> <a class="April" href="javascript:void(0)" onclick="moveCont('11','4','April')">April</a> <a class="May" href="javascript:void(0)" onclick="moveCont('11','5','May')">May</a> <a class="June" href="javascript:void(0)" onclick="moveCont('11','6','June')">June</a> <a class="July" href="javascript:void(0)" onclick="moveCont('11','7','July')">July</a> <a class="August" href="javascript:void(0)" onclick="moveCont('11','8','August')">August</a> <a class="September" href="javascript:void(0)" onclick="moveCont('11','9','September')">September</a> <a class="October" href="javascript:void(0)" onclick="moveCont('11','10','October')">October</a> <a class="November" href="javascript:void(0)" onclick="moveCont('11','11','November')">November</a> </div> </div> <!-- //calendar --> </div> <!-- //top_calendar --> <!-- Acknowledgements --> <div class="list_basic" > <div class="top_section serviceweb" > <p>We truly appreciate the following security researchers for helping us improve the security of our <b>mobile applications</b>, <b>wearable devices</b> and <b>personal computers</b>. 
We would like to thank them for disclosing the vulnerability reports responsibly and working with us throughout the process.</p> <p>Please note that while we are doing our best to release the security patches as soon as possible to all applicable devices and services, release time of security patches may vary depending on the device version and models or service versions.</p> </div> </div> <!-- //Acknowledgements --> <!-- accordion list --> <div class="accordion_banner" id="-1" > <div id='0'></div> <div class="wrap_acc"> <div class="acc_title" id="November" data-a="0" data-b="November"><a href="javascript:;" title="Detail view open">NOV-2024 Updates</a></div> <div class="acc_sub"> <font size="3"><strong><font size="5"><br />Android Applications Updates<br /></font></strong><br /></font><div style="padding-left:40px"><strong><font size="4">SVE-2024-1041(CVE-2024-49403): Improper access control in Samsung Voice Recorder</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 21.5.40.37<br />Reported on: May 2, 2024<br />Description: Improper access control in Samsung Voice Recorder prior to version 21.5.40.37 allows physical attackers to access recording files on the lock screen.<br /> The patch adds proper access control.<br />Acknowledgement: Elias Schröder</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2024-1236(CVE-2024-49404): Improper Access Control in Samsung Video Player</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 7.3.29.1 in Android 12, 7.3.36.1 in Android 13 and 7.3.41.230 in Android 14<br />Reported on: June 2, 2024<br />Description: Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users.<br />The patch adds proper validation.<br />Acknowledgement: Elias Schröder</font></div><br /><br /><div 
style="padding-left:40px"><strong><font size="4">SVE-2024-1418(CVE-2024-49405): Improper authentication in Private Info in Samsung Pass</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 4.4.04.7<br />Reported on: July 10, 2024<br />Description: Improper authentication in Private Info in Samsung Pass prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario.<br />The patch adds proper authentication.<br />Acknowledgement: Harsh Tyagi</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2024-1517(CVE-2024-49406): Improper validation of integrity check value in Blockchain Keystore</font></strong><br /><font size="3"><br />Severity: High<br />Resolved version: 1.3.16<br />Reported on: July 28, 2024<br />Description: Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Root privilege is required for triggering this vulnerability.<br />The patch adds proper validation logic.<br />Acknowledgement: CertiK Skyfall</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2024-1550(CVE-2024-49407): Improper access control in Samsung Flow</font></strong><br /><font size="3"><br />Severity: High<br />Resolved version: 4.9.15.7<br />Reported on: August 4, 2024<br />Description: Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to access data across multiple user profiles.<br />The patch adds proper access control.<br />Acknowledgement: Sam of Honor Cyber Security Lab</font></div><br /> </div> </div> <div id='1'></div> <div class="wrap_acc"> <div class="acc_title" id="October" data-a="1" data-b="October"><a href="javascript:;" title="Detail view open">OCT-2024 Updates</a></div> <div class="acc_sub"> <font size="3"> <strong><font size="5"><br />Android Applications Updates<br /></font></strong> <br /> </font><div 
style="padding-left:40px"> <strong><font size="4">SVE-2024-0761(CVE-2024-34670): Use of implicit intent for sensitive communication in Sound Assistant</font></strong> <br /> <font size="3"> <br />Severity: Moderate <br />Resolved version: 6.1.0.9 <br />Reported on: March 27, 2024 <br />Description: Use of implicit intent for sensitive communication in Sound Assistant prior to version 6.1.0.9 allows local attackers to get sensitive information. <br />The patch removes unnecessary implementation. <br /> Acknowledgement: khilli </font> </div> <br /> <br /> <div style="padding-left:40px"> <strong><font size="4">SVE-2024-0762(CVE-2024-34671): Use of implicit intent for sensitive communication in translation in Samsung Internet</font></strong> <br /> <font size="3"> <br />Severity: Moderate <br />Resolved version: 26.0.3.1 <br />Reported on: March 27, 2024 <br />Description: Use of implicit intent for sensitive communication in translation in Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability. <br />The patch fixes implicit intent to explicit intent. <br /> Acknowledgement: khilli </font> </div> <br /> <br /> <div style="padding-left:40px"> <strong><font size="4">SVE-2024-1221(CVE-2024-34672): Improper input validation in SamsungVideoPlayer</font></strong> <br /> <font size="3"> <br />Severity: High <br />Resolved version: 7.3.29.1 in Android 12, 7.3.36.1 in Android 13 and 7.3.41.230 in Android 14 <br />Reported on: May 30, 2024 <br />Description: Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users. <br />The patch adds proper check logic. 
<br /> Acknowledgement: ycmint working at ADLab of VenusTech </font> </div> <br /> </div> </div> <div id='2'></div> <div class="wrap_acc"> <div class="acc_title" id="September" data-a="2" data-b="September"><a href="javascript:;" title="Detail view open">SEP-2024 Updates</a></div> <div class="acc_sub"> <font size="3"><strong><font size="5"><br />Android Applications Updates<br /></font></strong><br /></font><div style="padding-left:40px"><strong><font size="4">SVE-2024-0738(CVE-2024-34656): Path traversal in Samsung Notes</font></strong><br /><font size="3"><br />Severity: High<br />Resolved version: 4.4.21.62<br />Reported on: March 25, 2024<br />Description: Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.<br />The patch removes unused code.</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2024-0786(CVE-2024-34659, CVE-2024-34658, CVE-2024-34657): Stack-based out-of-bounds write in Samsung Notes</font></strong><br /><font size="3"><br />Severity: Critical<br />Resolved version: 4.4.21.62<br />Reported on: April 1, 2024<br />Description: Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code.<br />The patch adds proper input validation.</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2024-0938(CVE-2024-34660): Heap-based out-of-bounds write in Samsung Notes</font></strong><br /><font size="3"><br />Severity: High<br />Resolved version: 4.4.21.62<br />Reported on: April 16, 2024<br />Description: Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.<br />The patch adds proper input validation.</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2024-1262(CVE-2024-34661): Improper handling of insufficient permissions in Samsung Assistant</font></strong><br /><font 
size="3"><br />Severity: Moderate<br />Resolved version: 9.1.00.7<br />Reported on: June 5, 2024<br />Description: Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability.<br />The patch adds proper permission handling.<br />Acknowledgement: 金峻锋</font></div><br /><font size="3"><strong><font size="5"><br />Other Software Updates<br /></font></strong><br /></font><div style="padding-left:40px"><strong><font size="4">SVE-2024-0537(CVE-2024-49408): Out-of-bounds write in usb driver</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: Firmware update Sep-2024 Release on Galaxy S24<br />Reported on: March 6, 2024<br />Description: Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.<br />The patch adds proper input validation.<br />Acknowledgement: Chao Ma of Baidu AIoT Security Team</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2024-0555(CVE-2024-49409): Out-of-bounds write in Battery Full Capacity node</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: Firmware update Sep-2024 Release on Galaxy S24<br />Reported on: March 8, 2024<br />Description: Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. 
System privilege is required for triggering this vulnerability.<br />The patch adds proper input validation.<br />Acknowledgement: Chao Ma of Baidu AIoT Security Team</font></div><div><font size="3"><br /></font></div><div id="__endic_crx__"><div class="css-diqpy0"></div></div><div id="__endic_crx__"><div class="css-diqpy0"></div></div><div id="__endic_crx__"><div class="css-diqpy0"></div></div> </div> </div> <div id='3'></div> <div class="wrap_acc"> <div class="acc_title" id="August" data-a="3" data-b="August"><a href="javascript:;" title="Detail view open">AUG-2024 Updates</a></div> <div class="acc_sub"> <font size="3"><strong><font size="5"><br />Android Applications Updates<br /></font></strong><br /></font><div style="padding-left:40px"><strong><font size="4">SVE-2023-1705(CVE-2024-34621): Out-of-bounds read in Samsung Notes</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 4.4.21.62<br />Reported on: September 23, 2023<br />Description: Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.<br />The patch adds proper input validation.<br />Acknowledgement: Ye Zhang (@VAR10CK) of Baidu Security</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-1706(CVE-2024-34622): Out-of-bounds write in Samsung Notes</font></strong><br /><font size="3"><br />Severity: High<br />Resolved version: 4.4.21.62<br />Reported on: September 23, 2023<br />Description: Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege.<br />The patch adds proper input validation.<br />Acknowledgement: Ye Zhang (@VAR10CK) of Baidu Security</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-1707(CVE-2024-34623): Out-of-bounds write in Samsung Notes</font></strong><br /><font size="3"><br 
/>Severity: High<br />Resolved version: 4.4.21.62<br />Reported on: September 23, 2023<br />Description: Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege.<br />The patch adds proper input validation.<br />Acknowledgement: Ye Zhang (@VAR10CK) of Baidu Security</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-1709(CVE-2024-34624): Out-of-bounds read in Samsung Notes</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 4.4.21.62<br />Reported on: September 23, 2023<br />Description: Out-of-bounds read in applying paragraphs in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.<br />The patch adds proper input validation.<br />Acknowledgement: Ye Zhang (@VAR10CK) of Baidu Security</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-1712(CVE-2024-34625): Out-of-bounds read validation in Samsung Notes</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 4.4.21.62<br />Reported on: September 23, 2023<br />Description: Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.<br />The patch adds proper input validation.<br />Acknowledgement: Ye Zhang (@VAR10CK) of Baidu Security</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-1713(CVE-2024-34626): Out-of-bounds read in Samsung Notes</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 4.4.21.62<br />Reported on: September 23, 2023<br />Description: Out-of-bounds read in applying own binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.<br />The patch adds proper input validation.<br />Acknowledgement: Ye Zhang 
(@VAR10CK) of Baidu Security</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-1715(CVE-2024-34627): Out-of-bounds read in Samsung Notes</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 4.4.21.62<br />Reported on: September 23, 2023<br />Description: Out-of-bounds read in parsing implementation in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.<br />The patch adds proper input validation.<br />Acknowledgement: Ye Zhang (@VAR10CK) of Baidu Security</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-1716(CVE-2024-34628): Out-of-bounds read in Samsung Notes</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 4.4.21.62<br />Reported on: September 23, 2023<br />Description: Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.<br />The patch adds proper input validation.<br />Acknowledgement: Ye Zhang (@VAR10CK) of Baidu Security</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-1717(CVE-2024-34629): Out-of-bounds read in Samsung Notes</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 4.4.21.62<br />Reported on: September 23, 2023<br />Description: Out-of-bounds read in applying binary with text common object in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.<br />The patch adds proper input validation.<br />Acknowledgement: Ye Zhang (@VAR10CK) of Baidu Security</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-1719(CVE-2024-34630): Out-of-bounds read in Samsung Notes</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 4.4.21.62<br />Reported on: September 23, 2023<br />Description: Out-of-bounds read in applying own binary 
with textbox in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.<br />The patch adds proper input validation.<br />Acknowledgement: Ye Zhang (@VAR10CK) of Baidu Security</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-1721(CVE-2024-34631): Out-of-bounds read in Samsung Notes</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 4.4.21.62<br />Reported on: September 23, 2023<br />Description: Out-of-bounds read in applying new binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.<br />The patch adds proper input validation.<br />Acknowledgement: Ye Zhang (@VAR10CK) of Baidu Security</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-1726(CVE-2024-34632): Out-of-bounds read in Samsung Notes</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 4.4.21.62<br />Reported on: September 25, 2023<br />Description: Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.<br />The patch adds proper boundary check.<br />Acknowledgement: Ye Zhang (@VAR10CK) of Baidu Security</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-1727(CVE-2024-34633): Out-of-bounds read in Samsung Notes</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 4.4.21.62<br />Reported on: September 25, 2023<br />Description: Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.<br />The patch adds proper boundary check.<br />Acknowledgement: Ye Zhang (@VAR10CK) of Baidu Security</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-1734(CVE-2024-34634): Out-of-bounds read in Samsung Notes</font></strong><br /><font 
size="3"><br />Severity: Moderate<br />Resolved version: 4.4.21.62<br />Reported on: September 26, 2023<br />Description: Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.<br />The patch adds proper boundary check.<br />Acknowledgement: Ye Zhang (@VAR10CK) of Baidu Security</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-1735(CVE-2024-34635): Out-of-bounds read in Samsung Notes</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 4.4.21.62<br />Reported on: September 26, 2023<br />Description: Out-of-bounds read in parsing textbox object in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.<br />The patch adds proper boundary check.<br />Acknowledgement: Ye Zhang (@VAR10CK) of Baidu Security</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2024-0979(CVE-2024-34636): Use of implicit intent for sensitive communication in Samsung Email</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 6.1.94.2<br />Reported on: April 20, 2024<br />Description: Use of implicit intent for sensitive communication in Samsung Email prior to version 6.1.94.2 allows local attackers to get sensitive information.<br />The patch adds proper configuration.<br />Acknowledgement: khilli</font></div><br style="font-size:medium" /><strong style="font-size:medium"><font size="5"><br />PC Updates<br /></font></strong><br style="font-size:medium" /><div style="font-size:medium;padding-left:40px"><font size="3">Intel patches are included in this Security Maintenance Release with the following CVE item:</font><br /><br /><strong><font size="4">Moderate</font></strong><br />CVE-2024-23198, CVE-2024-24984, CVE-2024-25563, CVE-2024-28049<br /><br /><i>※ Please see Intel Product Security Center Advisories for detailed information on 
Intel patches.</i></div><br /><div id="__endic_crx__"><div class="css-diqpy0"></div></div> </div> </div> <div id='4'></div> <div class="wrap_acc"> <div class="acc_title" id="July" data-a="4" data-b="July"><a href="javascript:;" title="Detail view open">JUL-2024 Updates</a></div> <div class="acc_sub"> <font size="3"><strong><font size="5"><br />Android Applications Updates<br /></font></strong><br /></font><div style="padding-left:40px"><strong><font size="4">SVE-2023-2192(CVE-2024-34596): Improper authentication in SmartThings</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 1.8.17<br />Reported on: December 1, 2023<br />Description: Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner.<br />The patch adds proper check logic.<br />Acknowledgement: rice12-tracker</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2024-0458(CVE-2024-34597): Improper input validation in Samsung Health</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 6.27.0.113<br />Reported on: February 23, 2024<br />Description: Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. 
User interaction is required for triggering this vulnerability.<br />The patch adds proper caller verification logic.<br />Acknowledgement: hackhackdump</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2024-0973(CVE-2024-34598): Improper export of component in GoodLock</font></strong><br /><font size="3"><br />Severity: High<br />Resolved version: 2.2.04.95<br />Reported on: April 20, 2024<br />Description: Improper export of component in GoodLock prior to version 2.2.04.95 allows local attackers to install arbitrary applications from Galaxy Store.<br />The patch adds proper access control.<br />Acknowledgement: khilli</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2024-0974(CVE-2024-34599): Improper input validation in Tips</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 6.2.9.4<br />Reported on: April 20, 2024<br />Description: Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to send broadcast with Tips' privilege.<br />The patch removes unused code.<br />Acknowledgement: khilli</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2024-0985(CVE-2024-34600): Improper verification of intent by broadcast receiver vulnerability in Samsung Flow</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 4.9.13.0<br />Reported on: April 20, 2024<br />Description: Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage.<br />The patch adds proper caller verification logic.<br />Acknowledgement: Dawuge</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2024-1172(CVE-2024-34601): Improper verification of intent by broadcast receiver vulnerability in GalaxyStore</font></strong><br /><font size="3"><br />Severity: Moderate<br 
/>Resolved version: 4.5.81.0<br />Reported on: May 21, 2024<br />Description: Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore.<br />The patch adds proper caller verification logic.<br />Acknowledgement: hackhackdump</font></div><br /> </div> </div> <div id='5'></div> <div class="wrap_acc"> <div class="acc_title" id="June" data-a="5" data-b="June"><a href="javascript:;" title="Detail view open">JUN-2024 Updates</a></div> <div class="acc_sub"> <font size="3"><strong><font size="5"><br />PC Updates<br /></font></strong><br /></font><div style="padding-left:40px"><strong><font size="4">SVE-2023-1895(CVE-2024-20886): Arbitrary directory creation in Samsung Live Wallpaper PC</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 3.3.8.0<br />Reported on: October 15, 2023<br />Description: Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attacker to create arbitrary directory.<br />The patch adds proper logic to block arbitrary directory creation.<br />Acknowledgement: HeeChan Kim (@heegong123) of TeamH4C</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-2370(CVE-2024-20887): Arbitrary directory creation in GalaxyBudsManager PC</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 2.1.240315.51<br />Reported on: December 22, 2023<br />Description: Arbitrary directory creation in GalaxyBudsManager PC prior to version 2.1.240315.51 allows attacker to create arbitrary directory.<br />The patch adds proper logic to block arbitrary directory creation.<br />Acknowledgement: HeeChan Kim (@heegong123) of TeamH4C</font></div><br /> </div> </div> <div id='6'></div> <div class="wrap_acc"> <div class="acc_title" id="May" data-a="6" data-b="May"><a href="javascript:;" title="Detail view open">MAY-2024 Updates</a></div> 
<div class="acc_sub"> <strong style="font-size:medium"><font size="5"><br />Android Applications Updates<br /></font></strong><span style="font-size:medium"></span><br style="font-size:medium" /><div style="font-size:medium;padding-left:40px"><strong><font size="4">SVE-2023-1593(CVE-2024-20867): Improper privilege management vulnerability in Samsung Email</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 6.1.91.14<br />Reported on: August 31, 2023<br />Description: Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information.<br />The patch modifies the user account authorization logic.<br />Acknowledgement: Ostorlab</font></div><br style="font-size:medium" /><br style="font-size:medium" /><div style="font-size:medium;padding-left:40px"><strong><font size="4">SVE-2023-1837(CVE-2024-20868): Improper input validation vulnerability in Samsung Notes</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 4.4.15<br />Reported on: October 12, 2023<br />Description: Improper input validation in Samsung Notes prior to version 4.4.15 allows local attackers to delete files with Samsung Notes privilege under certain conditions.<br />The patch adds proper input validation logic.<br />Acknowledgement: Dawuge</font></div><br style="font-size:medium" /><br style="font-size:medium" /><div style="font-size:medium;padding-left:40px"><strong><font size="4">SVE-2024-0043(CVE-2024-20869): Improper privilege management vulnerability in Samsung Internet</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 25.0.0.41<br />Reported on: January 5, 2024<br />Description: Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies.<br />The patch removes the improper origin handling logic.<br />Acknowledgement: Narendra Bhati - Manager Of 
Cyber Security at Suma Soft Pvt Ltd India -twitter.com/imnarendrabhati</font></div><br style="font-size:medium" /><br style="font-size:medium" /><div style="font-size:medium;padding-left:40px"><strong><font size="4">SVE-2024-0403(CVE-2024-20870): Improper verification of intent by broadcast receiver vulnerability in Galaxy Store</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 4.5.71.8<br />Reported on: February 18, 2024<br />Description: Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.<br />The patch adds proper caller verification logic to prevent improper access.<br />Acknowledgement: Dawuge</font></div><br style="font-size:medium" /><strong style="font-size:medium"><font size="5"><br />Other Software Updates<br /></font></strong><br style="font-size:medium" /><div style="font-size:medium;padding-left:40px"><font size="3">Samsung Semiconductor patch is also included in select Exynos chipsets with the following CVE item:</font><br /><br /><strong><font size="4">Moderate</font></strong><br />CVE-2024-20821 <br /><br /><i>※ Please see Samsung Semiconductor <a href="https://semiconductor.samsung.com/support/quality-support/product-security-updates" style="color:blue" rel="nofollow">Product Security Update</a> for detailed information on Samsung Semiconductor patches.</i></div><br style="font-size:medium" /><br style="font-size:medium" /><div style="font-size:medium;padding-left:40px"><strong><font size="4">SVE-2023-0881(CVE-2024-20871): Improper </font></strong><b style="font-size:10pt"><span style="font-size:13.5pt;line-height:107%;font-family:'arial' , sans-serif">authorization</span></b><strong><font size="4"> vulnerability in Samsung Keyboard</font></strong></div><div style="font-size:medium;padding-left:40px"><font size="3"><br />Severity: Moderate<br />Resolved version: One UI 
5.1.1<br />Reported on: May 19, 2023<br />Description: Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection.<br />The patch blocks the usage of the context menu.<br />Acknowledgement: SeungHyun Cho @netkingj</font></div><br style="font-size:medium" /><br style="font-size:medium" /><div style="font-size:medium;padding-left:40px"><strong><font size="4">SVE-2023-0968(CVE-2024-20872): Improper handling of insufficient privileges vulnerability in TalkbackSE</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: Android 14<br />Reported on: June 3, 2023<br />Description: Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE.<br />The patch adds proper permission to prevent unauthorized access.</font></div><div><font size="3"></font></div><br style="font-size:medium" /><strong style="font-size:medium"><font size="5"><br />PC Updates<br /></font></strong><br style="font-size:medium" /><div style="font-size:medium;padding-left:40px"><font size="3">Intel patches are included in this Security Maintenance Release with the following CVE item:</font><br /><br /><strong><font size="4">High</font></strong><br />CVE-2023-38654<br /><br /><strong><font size="4">Moderate</font></strong><br />CVE-2023-38417, CVE-2023-40536, CVE-2023-45845, CVE-2023-47210, CVE-2023-47859<br /><br /><i>※ Please see Intel Product Security Center Advisories for detailed information on Intel patches.</i></div><br /> </div> </div> <div id='7'></div> <div class="wrap_acc"> <div class="acc_title" id="April" data-a="7" data-b="April"><a href="javascript:;" title="Detail view open">APR-2024 Updates</a></div> <div class="acc_sub"> <font size="3"><strong><font size="5"><br />Android Applications Updates<br /></font></strong><br /></font><div 
style="padding-left:40px"><strong><font size="4">SVE-2023-2086(CVE-2024-20850): Use of Implicit Intent for Sensitive Communication in Samsung Pay</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 5.4.99<br />Reported on: November 17, 2023<br />Description: Use of Implicit Intent for Sensitive Communication in Samsung Pay prior to version 5.4.99 allows local attackers to access information of Samsung Pay.<br />The patch adds a proper access control.<br />Acknowledgement: Illia Khorolskyi</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-2372(CVE-2024-20851): Improper access control vulnerability in Samsung Data Store</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 5.3.00.4<br />Reported on: December 23, 2023<br />Description: Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local attackers to launch arbitrary activity with Samsung Data Store privilege.<br />The patch removes unused code.<br />Acknowledgement: hackhackdump</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2024-0210(CVE-2024-20852): Improper verification of intent by broadcast receiver vulnerability in SmartThings</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 1.8.13.22<br />Reported on: January 24, 2024<br />Description: Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to access testing configuration.<br />The patch adds proper access control.<br />Acknowledgement: balance</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2024-0405(CVE-2024-20853): Improper verification of intent by broadcast receiver vulnerability in ThemeStore</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 5.3.05.2<br />Reported on: February 19, 2024<br 
/>Description: Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore.<br />The patch adds proper caller verification logic to prevent improper access.<br />Acknowledgement: Dawuge</font></div><br /><strong><font size="5"><br />Other Software Updates<br /></font></strong><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-2191(CVE-2024-20854): Improper handling of insufficient privileges vulnerability in Samsung Camera</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 12.1.0.31 in Android 12, 13.1.02.07 in Android 13, and 14.0.01.06 in Android 14<br />Reported on: November 30, 2023<br />Description: Improper handling of insufficient privileges vulnerability in Samsung Camera prior to versions 12.1.0.31 in Android 12, 13.1.02.07 in Android 13, and 14.0.01.06 in Android 14 allows local attackers to access image data.<br />The patch adds proper permission to prevent unauthorized access.<br />Acknowledgement: Dawuge</font></div><br /> </div> </div> <div id='8'></div> <div class="wrap_acc"> <div class="acc_title" id="March" data-a="8" data-b="March"><a href="javascript:;" title="Detail view open">MAR-2024 Updates</a></div> <div class="acc_sub"> <font size="3"> <strong><font size="5"><br />Android Applications Updates<br /></font></strong> <br /> </font><div style="padding-left:40px"> <strong><font size="4">SVE-2023-0472(CVE-2024-20829): Missing proper interaction for opening deeplink in Samsung Internet</font></strong> <br /> <font size="3"> <br />Severity: High <br />Resolved version: v24.0.0.0 <br />Reported on: March 23, 2023 <br />Description: Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction. <br />The patch adds a proper user interaction. 
<br /> Acknowledgement: Sazzad Mahmud Tomal </font> </div> <br /> <br /> <div style="padding-left:40px"> <strong><font size="4">SVE-2023-0978(CVE-2024-20837): Improper handling of granting permission in Samsung Internet</font></strong> <br /> <font size="3"> <br />Severity: Moderate <br />Resolved version: v24.0.0.41 <br />Reported on: June 5, 2023 <br />Description: Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction. <br />The patch adds proper logic to prevent user interaction bypass. <br /> Acknowledgement: Zak Brighton Knight </font> </div> <br /> <br /> <div style="padding-left:40px"> <strong><font size="4">SVE-2023-2070(CVE-2024-20838): Improper validation vulnerability in Samsung Internet</font></strong> <br /> <font size="3"> <br />Severity: High <br />Resolved version: 24.0.3.2 <br />Reported on: November 15, 2023 <br />Description: Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code. <br />The patch adds proper validation to prevent unauthorized access. <br /> Acknowledgement: blunt </font> </div> <br /> <br /> <div style="padding-left:40px"> <strong><font size="4">SVE-2023-2249(CVE-2024-20839): Improper access control in Samsung Voice Recorder</font></strong> <br /> <font size="3"> <br />Severity: Moderate <br />Resolved version: 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 <br />Reported on: December 9, 2023 <br />Description: Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock screen. <br />The patch adds proper access control in Samsung Voice Recorder. 
<br /> Acknowledgement: Elias Schröder </font> </div> <br /> <br /> <div style="padding-left:40px"> <strong><font size="4">SVE-2023-2250(CVE-2024-20840): Improper Access Control in Samsung Voice Recorder</font></strong> <br /> <font size="3"> <br />Severity: Moderate <br />Resolved version: 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 <br />Reported on: December 9, 2023 <br />Description: Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers using hardware keyboard to use VoiceRecorder on the lock screen. <br />The patch adds proper access control in Samsung Voice Recorder. <br /> Acknowledgement: Elias Schröder </font> </div> <br /> <br /> <div style="padding-left:40px"> <strong><font size="4">SVE-2023-2339(CVE-2024-20841): Improper Handling of Insufficient Privileges in Samsung Account</font></strong> <br /> <font size="3"> <br />Severity: Moderate <br />Resolved version: 14.8.00.3 <br />Reported on: December 20, 2023 <br />Description: Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data. <br />The patch adds proper permission to prevent unauthorized access. 
<br /> Acknowledgement: Dawuge </font> </div> <br /> </div> </div> <div id='9'></div> <div class="wrap_acc"> <div class="acc_title" id="February" data-a="9" data-b="February"><a href="javascript:;" title="Detail view open">FEB-2024 Updates</a></div> <div class="acc_sub"> <font size="3"><strong><font size="5"><br />Android Applications Updates<br /></font></strong><br /></font><div style="padding-left:40px"><strong><font size="4">SVE-2023-0774(CVE-2024-20825, CVE-2024-20824, CVE-2024-20823, CVE-2024-20822): Implicit intent hijacking vulnerability in Galaxy Store</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 4.5.63.6<br />Reported on: May 4, 2023<br />Description: Implicit intent hijacking vulnerability in Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.<br />The patch changes implicit intent to explicit intent.<br />Acknowledgement: Oversecured (oversecured.com)</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-1112(CVE-2024-20826): Implicit intent hijacking vulnerability in UPHelper library</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 4.0.0<br />Reported on: June 20, 2023<br />Description: Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent.<br />The patch changes implicit intent to explicit intent.<br />Acknowledgement: Oversecured (oversecured.com)</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-1781(CVE-2024-20827): Improper access control vulnerability in Samsung Gallery</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 14.5.04.4<br />Reported on: October 10, 2023<br />Description: Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the 
picture using physical keyboard on the lockscreen.<br />The patch prevents menu access by physical keyboard on a locked device.<br />Acknowledgement: Elias Schröder</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-2275(CVE-2024-20828): Improper authorization verification vulnerability in Samsung Internet</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 24.0<br />Reported on: December 12, 2023<br />Description: Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.<br />The patch adds proper authorization verification logic to prevent unauthorized access.<br />Acknowledgement: KRISHAN KUMAR</font></div><br /> </div> </div> <div id='10'></div> <div class="wrap_acc"> <div class="acc_title" id="January" data-a="10" data-b="January"><a href="javascript:;" title="Detail view open">JAN-2024 Updates</a></div> <div class="acc_sub"> <font size="3"><strong><font size="5"><br />Android Applications Updates<br /></font></strong><br /></font><div style="padding-left:40px"><strong><font size="4">SVE-2023-0956(CVE-2024-20807): Implicit intent hijacking vulnerability in Samsung Email</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 6.1.90.16<br />Reported on: June 2, 2023<br />Description: Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows attacker to get sensitive information.<br />The patch changes the implicit intent to explicit intent.<br />Acknowledgement: Oversecured (oversecured.com)</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-1990(CVE-2024-20808): Improper access control vulnerability in Nearby device scanning</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 11.1.14.7<br />Reported on: October 31, 2023<br />Description: 
Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data.<br />The patch adds proper access control.<br />Acknowledgement: Dawuge</font></div><br /><br /><div style="padding-left:40px"><strong><font size="4">SVE-2023-1991(CVE-2024-20809): Improper access control vulnerability in Nearby device scanning</font></strong><br /><font size="3"><br />Severity: Moderate<br />Resolved version: 11.1.14.7<br />Reported on: October 31, 2023<br />Description: Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data.<br />The patch adds proper access control.<br />Acknowledgement: Dawuge</font></div><br /> </div> </div> </div> <!-- //list --> </div> </div> <!-- //contents --> </div> <!-- //container --> </form> </div> <!-- //wrap --> </body> </html>