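<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <!-- Zoom is left enabled (no maximum-scale / user-scalable=no) so the advisory text stays readable when enlarged. -->
  <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1">

  <!--
    Asset and form URLs carry no ";jsessionid=" path parameter. A session identifier in a URL
    ends up in browser history, proxy and cache copies and Referer headers, where anyone who
    reads it can replay the session. Keep session tracking cookie-only (in a servlet container:
    <tracking-mode>COOKIE</tracking-mode> in the session-config) and mark the JSESSIONID cookie
    Secure and HttpOnly.
  -->
  <link rel="stylesheet" href="/jquery/css/basic.css">
  <link rel="stylesheet" href="/./external/attach/css/attachment.css">

  <!--
    NOTE(review): jQuery 1.12.2 is an end-of-life 1.x release with publicly documented XSS
    issues in its HTML-handling and cross-domain ajax paths. Plan an upgrade to a maintained
    3.x release and re-test the plugins loaded below against it.
  -->
  <script src="/./jquery/jquery-1.12.2.js"></script>
  <script src="/./jquery/jquery-ui/jquery-ui.js"></script>
  <script src="/./jquery/validation/sdp.validate.js"></script>
  <script src="/./jquery/jquery.simplemodal.js"></script>
  <script src="/./js/portalCommon.js"></script>
  <script src="/./js/numberFormat.js"></script>
  <script src="/./js/menu.js"></script>
  <script src="/./js/common.js"></script>
  <script src="/./js/commonCalendar.js"></script>
  <script src="/./js/billboard/d3.min.js" charset="utf-8"></script>
  <script src="/./js/billboard/billboard.min.js"></script>
  <link rel="stylesheet" href="/./js/billboard/billboard.min.css">
  <link rel="stylesheet" href="/css/style.css?ver=20250107a1">
  <!--[if IE]> <script src="/./js/html5.js"></script> <![endif]-->

  <title>Samsung Mobile Security</title>
  <link rel="shortcut icon" href="./images/common/favicon.ico" type="image/x-icon">
  <link rel="icon" href="./images/common/favicon.ico" type="image/x-icon">

  <script>
    var contextPath = "/.";
    var language = 'en_US';

    // 2022-10-27: session time-out check.
    // NOTE(review): both operands look server-rendered (empty here, so sessionCheck() is skipped) - confirm.
    if ('' != "") {
      sessionCheck();
    }

    // SameSite attribute values; only index 0 ("Lax") is used below.
    var sameSiteVal = ["Lax;", "None; Secure", "Strict;"];

    // Expire the LANGUAGE cookie.
    document.cookie = 'LANGUAGE=; expires=Thu, 01 Jan 1970 00:00:01 GMT; SameSite=' + sameSiteVal[0];

    var cookieAccept = 'null';

    $(document).ready(function() {
      // 2023-10-10: button effect on ".menu > li" removed.

      // Expand the personal menu and collapse the search box.
      $(".personal_menu").click(function() {
        $(".personal_box").slideToggle("fast");
        $('.close_search').hide();
        $('.wrap_search .wrap_input').hide();
        $('.open_search').css('visibility', 'visible');
      });

      // Mobile: open / close the full menu.
      $(".m_btn_menu").click(function() {
        $(this).hide();
        $('.m_btn_menu_close').show();
        $('.wrap_m_menu').slideDown('fast');
        $('.back_bg').fadeIn('fast');
      });
      $(".m_btn_menu_close").click(function() {
        $(this).hide();
        $('.m_btn_menu').show();
        $('.wrap_m_menu').slideUp('fast');
        $('.back_bg').fadeOut('fast');
      });

      // Header search: open / close the input.
      $('.open_search').click(function() {
        $(".personal_box").slideUp("fast");
        $('.wrap_search .wrap_input').show();
        $(this).css('visibility', 'hidden');
        $('.close_search').show();
        $('.wrap_search .wrap_input').focus();
      });
      $('.close_search').click(function() {
        $(this).hide();
        $('.wrap_search .wrap_input').hide();
        $('.open_search').css('visibility', 'visible');
      });

      // Enter (key code 13) in either search box submits the search.
      $("#androidUpdatesMobileKey,#androidUpdatesWebKey").keydown(function(key) {
        if (key.keyCode == 13) {
          androidUpdatesSearch(this.id);
        }
      });

      // 2021-05-11: menu slide - show the submenus while the pointer is over the menu.
      $(".menu").mouseenter(function() {
        $(".submenu").show();
        $(".submenu_bar").show();
      }).mouseleave(function() {
        $(".submenu").hide();
        $(".submenu_bar").hide();
      });

      // Pin the header once the page is scrolled past its height (wide layouts only).
      function eventMenuFix() {
        var menu = $('.mh');
        $(window).scroll(function() {
          if ($(this).scrollTop() >= menu.height() && $(window).width() > 1023) {
            menu.addClass('menu_fix');
          } else {
            menu.removeClass('menu_fix');
          }
        });
      }

      if ($(window).width() > 1023) {
        $('#header').addClass('mh');
      } else if ($(window).width() < 1023) {
        $('#header').removeClass('mh');
      }
      // One scroll handler is enough; the class toggle above decides what it acts on.
      eventMenuFix();

      // "Top" buttons.
      $(".mtop_wrap button.mtop").click(function() {
        $("html, body").animate({scrollTop: 0}, 400);
      });
      $("button.wtop").click(function() {
        $("html, body").animate({scrollTop: 0}, 400);
      });

      // Show the cookie banner until the visitor has accepted it.
      // A function reference is passed (not a string) so nothing is evaluated as code
      // and the page stays compatible with a CSP that forbids eval-like calls.
      if (cookieAccept != 'Y') {
        setTimeout(createCookie, 1000);
      }

      // 2021-05-04: Cookie Policy layer open / close.
      $(".txt_link_cookies, .btn_footer_cookie").on("click", function() {
        $("#cookies_layer").fadeIn();
      });
      $("a.btn_cookies_close").on("click", function() {
        $("#cookies_layer").fadeOut();
      });

      // 2021-05-04: cookie banner close.
      $("a.btn_cookie_banner_close").on("click", function() {
        $(".fullscreen").fadeOut();
      });
    });

    // Fades the cookie banner in.
    function createCookie() {
      $(".fullscreen").fadeIn();
    }

    // Submits menuMoveForm to pageUrl together with the browser's UTC offset in hours.
    // NOTE(review): pageUrl becomes the form action unchanged; callers are not visible here,
    // so confirm they only ever pass fixed site paths.
    function movePage(pageUrl) {
      var d = new Date();
      var timeZoneHour = -1 * (d.getTimezoneOffset() / 60);
      $("input[name='timeZoneHour']").val(timeZoneHour);
      document.menuMoveForm.action = pageUrl;
      document.menuMoveForm.submit();
    }

    // Validates the search word typed into the input with id searchObj and submits the search form.
    // This check is a convenience for the user only: the request can be sent without it,
    // so the server has to apply the same allow-list to androidSearchText.
    function androidUpdatesSearch(searchObj) {
      var androidSearchText = $("#" + searchObj).val();
      // Letters, digits and "-" only, as the alert below states. The previous class also
      // contained "|", which inside [...] is a literal pipe, not an alternation.
      var pattern = /^[a-zA-Z0-9-]*$/;
      if (androidSearchText == "") {
        alert('Please enter the search word.');
      } else if (pattern.test(androidSearchText)) {
        $("#androidSearchText").val(androidSearchText);
        document.androidUpdatesSearchForm.submit();
      } else {
        alert('You can not enter characters other than uppercase and lowercase letters, numbers, "-".');
      }
    }

    // Records the cookie acceptance on the server and hides the banner on success.
    // NOTE(review): the POST carries no visible anti-CSRF token - confirm the endpoint needs none.
    function goCookieAccept() {
      var params = {};
      $.ajax({
        type: 'POST',
        url: '/./cookieAccept.smsb',
        data: params,
        dataType: 'json',
        async: false, // NOTE(review): synchronous XHR blocks the UI and is deprecated; kept as in the original
        success: function(ret) {
          hideLoading();
          if (ret.success == true) {
            $(".fullscreen").fadeOut();
            cookieAccept = 'Y';
          } else {
            alert("Please contact administrator!");
          }
        },
        error: function(request, err, ex) {
          hideLoading();
          // Only the HTTP status is shown. The raw response body and exception text can
          // contain server internals (stack traces, paths) and belong in server logs.
          alert("Please contact administrator" + "\n" + "code : " + request.status);
        }
      });
    }

    // Opens the login page.
    function goLogin() {
      var url = '/sa/anonymous/loginPage.do';
      openPage(url);
    }

    // Toggles the footer "Privacy Policy" dropdown.
    function myFunction() {
      document.getElementById("myDropdown").classList.toggle("show");
    }

    // Any click outside the dropdown button closes open dropdowns.
    window.onclick = function(event) {
      var matches = event.target.matches
        ? event.target.matches('.dropbtn')
        : event.target.msMatchesSelector('.dropbtn');
      if (!matches) {
        var dropdowns = document.getElementsByClassName("dropdown-content");
        for (var i = 0; i < dropdowns.length; i++) {
          var openDropdown = dropdowns[i];
          if (openDropdown.classList.contains('show')) {
            openDropdown.classList.remove('show');
          }
        }
      }
    };
  </script>
</head>
<body>
  <!-- Cookie banner -->
  <div class="fullscreen visible"><div class="leica-overlay content-container"><div class="cookie-banner">
    <a href="javascript:goCookieAccept();" class="btn_cookie_banner_close" data-role="accept-all-cookies">close</a>
    <div class="contentlayercontent">
      <div class="cookie-banner__body row">
        <div class="col">
          <p class="cookie_banner_tit">Samsung Mobile Security and Cookies</p>
          <p>Our site uses essential cookies only. You can read our <a href="/./privacy/global/privacy_notice.html" class="txt_link2" title="Privacy Policy" target="_blank" rel="noopener">Privacy Policy</a> and <a href="javascript:void(0)" class="txt_link2 txt_link_cookies" title="Cookie Policy">Cookie Policy</a> for more information.</p>
        </div>
      </div>
    </div>
  </div></div></div>

  <!-- 210504 - Cookies Layer Popup -->
  <div id="cookies_layer">
    <a href="javascript:void(0);" class="btn_cookies_close">close</a>
    <div class="cookies_layer_inner">
      <h2>Samsung Mobile Security <br>Cookie Policy</h2>
      <p class="cookies_dates">Updated on Jan 17, 2022</p>
      <div class="cookies_cont">
        <p class="cookies_cont_txt">This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.<br><br>
          It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.<br><br>
          Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at <a href="https://www.samsung.com/request-desk" class="txt_link2" target="_blank" rel="noopener noreferrer">https://www.samsung.com/request-desk</a>.
        </p>
        <p class="cookies_cont_txt c_center">You can also contact us at:</p>
        <p class="cookies_cont_txt_box c_center">European Data Protection Officer<br>
          Samsung Electronics (UK) Limited<br>
          Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS
        </p>
        <h4>Cookies</h4>
        <p class="cookies_cont_txt">Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.<br><br>
          We use the following types of cookies on this website:<br><br>
          <b>Essential Cookies</b>: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided.
        </p>
        <div class="cookies_cont_tb">
          <table>
            <thead>
              <tr>
                <th scope="col">Cookie</th>
                <th scope="col">Domain</th>
                <th scope="col">Purpose</th>
              </tr>
            </thead>
            <tbody>
              <tr>
                <td>JSESSIONID</td>
                <td>security.samsungmobile.com</td>
                <td>to keep login session</td>
              </tr>
              <tr>
                <td>lastActivityTime</td>
                <td>security.samsungmobile.com</td>
                <td>to save the user's last activity time to automatically logout after 30 minutes of inactivity</td>
              </tr>
            </tbody>
          </table>
        </div>
        <h4>Managing Cookies and Other Technologies</h4>
        <p class="cookies_cont_txt">You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at <a href="https://www.allaboutcookies.org" class="txt_link2" target="_blank" rel="noopener noreferrer">https://www.allaboutcookies.org</a>.</p>
      </div>
    </div>
  </div>
  <!-- //210504 - Cookies Layer Popup -->

  <!-- skipnav -->
  <div id="skipnav">
    <a href="#gnb">Go straight to the menu</a>
    <a href="#home">Go straight to the text</a>
  </div>
  <!-- //skipnav -->

  <!-- wrap -->
  <div id="wrap">
    <!-- header -->
    <header id="header_wrap">
      <div id="header" class="main_header">
        <div class="header_inner">
          <div class="wrap_top">
            <h1 class="logo"><a href="/./main.smsb"><strong>Samsung </strong>Mobile Security</a></h1>
            <!-- web -->
            <div class="gnb" id="gnb">
              <!-- menu -->
              <ul class="menu">
                <li><a href="/./workScope.smsb">Security Updates</a>
                  <ul class="submenu">
                    <li><a href="/./workScope.smsb">Scope</a></li>
                    <li><a href="/./securityUpdate.smsb">Firmware Updates</a></li>
                    <li><a href="/./serviceWeb.smsb">Other Updates</a></li>
                  </ul>
                </li>
                <li><a href="/./securityReporting.smsb">Security Reporting</a>
                  <ul class="submenu">
                    <li><a href="/./securityReporting.smsb">Reporting</a></li>
                    <li><a href="/./securityReportingProcess.smsb">Process</a></li>
                    <li><a href="/./securityReportingRiskClassification.smsb">Severity Classification</a></li>
                  </ul>
                </li>
                <li><a href="/./rewardsProgram.smsb">Rewards Program</a>
                  <ul class="submenu">
                    <li><a href="/./rewardsProgram.smsb">How it works</a></li>
                    <li><a href="/./hallOfFameInfo.smsb">Hall of Fame</a></li>
                  </ul>
                </li>
                <li><a href="/./securityPost.smsb">Security Post</a></li>
              </ul>
              <!-- //menu -->
              <div class="toplink">
                <span class="t_btn_login"><a href="javascript:goLogin();" title="Go to login">Login</a></span>
                <!-- Search -->
                <div class="wrap_search">
                  <a href="javascript:;" class="open_search">Search</a>
                  <a href="javascript:;" class="close_search" style="display:none">Search Close</a>
                  <div class="wrap_input" style="display:none">
                    <input id="androidUpdatesWebKey" name="androidUpdatesWebKey" type="text" placeholder="Enter the search word(ex. CVE, SVE.. )" title="search" style="height:100%;border:0px;">
                    <a href="javascript:androidUpdatesSearch('androidUpdatesWebKey')" class="btn_search">Search</a>
                  </div>
                </div>
                <!-- //Search -->
                <!-- [D] personal menu shown after login -->
              </div>
            </div>
            <!-- //web -->
          </div>
          <!-- mobile -->
          <div class="wrap_mobile_menu">
            <div class="m_toplink">
              <button type="button" class="m_btn_menu" title="Total Menu">Total Menu</button>
              <button type="button" class="m_btn_menu_close" title="Close the entire menu">Close the entire menu</button>
            </div>
            <div class="wrap_m_menu">
              <!-- Search -->
              <div class="wrap_m_search">
                <div class="wrap_input">
                  <input type="text" id="androidUpdatesMobileKey" name="androidUpdatesMobileKey" placeholder="Enter the search word(ex. CVE, SVE.. )" title="search" style="height:100%;border:0px;">
                  <a href="javascript:androidUpdatesSearch('androidUpdatesMobileKey')" class="btn_search">Search</a>
                </div>
              </div>
              <!-- //Search -->
              <ul class="m_main_menu">
                <li><a href="/./workScope.smsb">Security Updates</a></li>
                <li><a href="/./securityReporting.smsb">Security Reporting</a></li>
                <li><a href="/./rewardsProgram.smsb">Rewards Program</a></li>
                <li><a href="/./securityPost.smsb">Security Post</a></li>
              </ul>
              <ul class="m_personal_menu">
                <li><a href="javascript:goLogin();" title="Go to login">Login</a></li>
                <!-- [D] personal menu shown after login -->
              </ul>
            </div>
            <div class="back_bg"></div>
          </div>
          <!-- //mobile -->
        </div>
        <div class="submenu_bar"></div>
      </div>
    </header>
    <!-- //header -->

    <!-- Part where each page's own UI is inserted -->
    <style>
      pre {
        padding: 10px;
        overflow: auto;
        white-space: pre-wrap; /* word wrap inside pre */
      }
    </style>
    <script>
      document.title = 'Security Updates Other Updates | Samsung Mobile Security';

      $(document).ready(function() {
        $(".menu").find("li:eq(0)").find("a").addClass("on");

        // Accordion: open the clicked month and close the others.
        $(".accordion_banner .acc_title").click(function(e) {
          e.preventDefault();
          $(".wrap_su_month a").removeClass("on");
          var indx = $(this).data().a;
          var onMonth = $(this).data().b;
          if ($(this).next("div").is(":visible")) {
            $(this).next("div").slideUp("fast");
            $(this).children("a").removeClass("on");
            $(this).children("a").attr("title", "Detail view open");
          } else {
            $(".acc_sub").slideUp("fast", function() {
              fnMove(indx);
            });
            $(".acc_title").children("a").removeClass("on");
            $(this).next("div").slideToggle("fast", function() {
              fnMove(indx);
            });
            $(this).children("a").addClass("on");
            $(".wrap_su_month > ." + onMonth).addClass("on");
            $(this).children("a").attr("title", "Detail view closed");
          }
        });

        $(".su_year_box .close").click(function(e) {
          $(".su_year_box").slideToggle("fast");
        });

        // Pick a year: close the year box and reload the list for that year.
        $(".close_year").click(function(e) {
          $(".su_year_box").slideToggle("fast");
          var year = $(this).text();
          _search(year);
          // The label is rebuilt from a text node plus a created element, so the year
          // string is never parsed as markup.
          $("#selyearOld").empty().append(
            document.createTextNode(year),
            $("<a>", {
              href: "javascript:void(0)",
              "class": "open_year",
              text: "Open selected window by year"
            })
          );
          $("#year").val(year);
          $(".open_year").click(function(e) {
            $(".su_year_box").slideToggle("fast");
          });
        });

        // Open the year box.
        $(".open_year").click(function(e) {
          $(".su_year_box").slideToggle("fast");
        });

        // Previous / next year, bounded by the last and first entries of the year list.
        $(".prev").click(function(e) {
          var nowYear = $(".close_year:last").text();
          var year = $("#selyear").text();
          if (nowYear == year) {
            return;
          }
          _search(Number(year) - 1);
        });
        $(".next").click(function(e) {
          var nowYear = $(".close_year:first").text();
          var year = $("#selyear").text();
          if (nowYear == year) {
            return;
          }
          _search(Number(year) + 1);
        });

        $(".su_disc_btn").click(function(e) {
          e.preventDefault();
          $("#su_disc").toggleClass('on');
        });

        // Initial state: latest month highlighted, first accordion entry open.
        $(".wrap_su_month a:last").addClass("on");
        $(".wrap_su_month a").blur();
        $(".acc_title a:first").addClass("on");
        $(".acc_title a:first").attr("title", "Detail view closed");
        $(".acc_sub:first").css("display", "block");

        var monthArray = ['January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December'];

        // ?month=N comes from the URL, so it is accepted only as a number from 1 to 12
        // before it is used to pick a class name for the selector below.
        var rawMonth = getParam('month');
        var pMonth = /^\d{1,2}$/.test(rawMonth || "") ? Number(rawMonth) : 0;
        if (pMonth >= 1 && pMonth <= 12) {
          var $month = $('.wrap_su_month').find('.' + monthArray[pMonth - 1]).not('.on');
          if ($month.length) {
            $month.trigger('click');
          }
        }
      });

      // Returns the raw (not URL-decoded) value of query parameter sname, or "" when absent.
      // When the parameter is repeated, the last occurrence wins.
      function getParam(sname) {
        var params = location.search.substr(location.search.indexOf("?") + 1).split("&");
        var sval = "";
        for (var i = 0; i < params.length; i++) {
          var temp = params[i].split("=");
          if (temp[0] === sname) {
            sval = temp.length > 1 ? temp[1] : "";
          }
        }
        return sval;
      }

      // Submits the search form for the given year.
      function _search(year) {
        var url = openPageUrl('/serviceWeb.smsb');
        $("#year").val(year);
        document.searchForm.action = url;
        document.searchForm.submit();
      }

      // Opens (or closes, when already open) the accordion entry whose id is mon
      // and scrolls to the anchor numbered total - cnt.
      function clickMonth(total, cnt, mon) {
        var id = "#" + mon;
        $(".wrap_su_month a").removeClass("on");
        if ($(id).next("div").is(":visible")) {
          $(id).next("div").slideUp("fast");
          $(id).children("a").removeClass("on");
          $(id).attr("tabindex", -1).focus();
          $(id).children("a").attr("title", "Detail view open");
        } else {
          $(".acc_sub").slideUp("fast", function() {
            var indx = total - cnt;
            fnMove(indx);
            $(id).children("a").addClass("on");
            $(".wrap_su_month > ." + mon).addClass("on");
          });
          $(".acc_title").children("a").removeClass("on");
          $(id).next("div").slideToggle("slow", function() {
            var indx = total - cnt;
            fnMove(indx);
            $(id).children("a").addClass("on");
            $(".wrap_su_month > ." + mon).addClass("on");
          });
          $(id).children("a").attr("title", "Detail view close");
        }
      }

      // Month link handler: opens the month and shows the elements carrying its class.
      function moveCont(total, cnt, mon) {
        clickMonth(total, cnt, mon);
        var showAck = "." + mon;
        $(showAck).show();
      }

      // Scrolls to the element whose id is seq, leaving room for the fixed header on wide screens.
      function fnMove(seq) {
        var windowWidth = $(window).width();
        var pos = 62;
        if (windowWidth < 1010) {
          pos = 0;
        }
        var offset = $("#" + seq).offset();
        if (!offset) {
          // No such anchor on the page: nothing to scroll to.
          return;
        }
        $('html, body').animate({scrollTop: offset.top - pos}, 0);
      }
    </script>

    <form id="serviceWeb" name="searchForm" action="/serviceWeb.smsb" method="post">
      <input id="year" name="year" type="hidden" value="2025">
      <!-- container -->
      <div id="container">
        <div class="sub_visual_rn">
          <span class="svrn1"></span>
          <div class="breadcrumb_rn">
            <div>
              <a href="/main.smsb" class="ico_home" title="Go to Home" id="home">Home</a><span class="ico_arw">&gt;</span><a href="/workScope.smsb">Security Updates</a><span class="ico_arw">&gt;</span><em>Other Updates</em>
            </div>
          </div>
        </div>
        <div class="page_tit">
          <h2 class="page_tit_wht">Security Updates</h2>
        </div>
        <div class="wrap_sub_menu">
          <ul class="sub_menu">
            <li><a href="/workScope.smsb"><span>Scope</span></a></li>
            <li><a href="/securityUpdate.smsb"><span>Firmware Updates</span></a></li>
            <li class="on"><span>Other Updates</span></li>
          </ul>
        </div>
        <!-- contents -->
        <div id="contents">
          <div class="list_su_calendar">
            <!-- top_calendar -->
            <div class="su_calendar">
              <div class="su_year">
                <div class="su_move">
                  <a href="javascript:;" class="prev">Move to the previous year</a>
                  <a href="javascript:;" class="next">Move to the next year</a>
                </div>
                <div id="selyear" style="display:none">2025</div>
                <p id="selyearOld">2025<a href="javascript:void(0)" class="open_year">Open selected window by year</a></p>
                <div class="su_year_box">
                  <ul>
                    <li class="close_year"><a href="javascript:;">2025</a></li>
                    <li class="close_year"><a href="javascript:;">2024</a></li>
                    <li class="close_year"><a href="javascript:;">2023</a></li>
                    <li class="close_year"><a href="javascript:;">2022</a></li>
                    <li class="close_year"><a href="javascript:;">2021</a></li>
                    <li class="close_year"><a href="javascript:;">2020</a></li>
                    <li class="close_year"><a href="javascript:;">2019</a></li>
                    <li class="close_year"><a href="javascript:;">2018</a></li>
                  </ul>
                  <a href="javascript:;" class="close">Close selected window by year</a>
                </div>
                <div class="wrap_su_month">
                  <a class="January" href="javascript:void(0)" onclick="moveCont('1','1','January')">January</a>
                </div>
              </div>
              <!-- //calendar -->
            </div>
            <!-- //top_calendar -->

            <!-- Acknowledgements -->
            <div class="list_basic">
              <div class="top_section serviceweb">
                <p>We truly appreciate the following security researchers for helping us improve the security of our <b>mobile applications</b>, <b>wearable devices</b> and <b>personal computers</b>. We would like to thank them for disclosing the vulnerability reports responsibly and working with us throughout the process.</p>
                <p>Please note that while we are doing our best to release the security patches as soon as possible to all applicable devices and services, release time of security patches may vary depending on the device version and models or service versions.</p>
              </div>
            </div>
            <!-- //Acknowledgements -->

            <!-- accordion list -->
            <!-- The advisory entries below are kept exactly as published, including their legacy font markup. -->
            <div class="accordion_banner" id="-1">
              <div id='0'></div>
              <div class="wrap_acc">
                <div class="acc_title" id="January" data-a="0" data-b="January"><a href="javascript:;" title="Detail view open">JAN-2025 Updates</a></div>
                <div class="acc_sub">
                  <font size="3"><strong><font size="5"><br />Android Applications Updates<br /></font></strong><br /></font>
                  <div style="padding-left:40px"><strong><font size="4">SVE-2024-1904(CVE-2025-20901): Out-of-bounds read in Blockchain Keystore</font></strong><br />
                    <font size="3"><br />Severity: Moderate<br />
                      Resolved version: 1.3.16.5<br />
                      Reported on: September 30, 2024<br />
                      Description: Out-of-bounds read in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to read out-of-bounds memory.<br />
                      The patch adds proper input validation.<br />
                      Acknowledgement: Dawuge</font></div><br /><br />
                  <div style="padding-left:40px"><strong><font size="4">SVE-2024-1601(CVE-2025-20895): Authentication Bypass Using an Alternate Path in Galaxy Store</font></strong><br />
                    <font size="3"><br />Severity: Moderate<br />
                      Resolved version: 4.5.87.6<br />
                      Reported on: August 12, 2024<br />
                      Description: Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.<br />
                      The patch adds proper access control.<br />
                      Acknowledgement: RAJESH PORKODI</font></div><br /><br />
                  <div style="padding-left:40px"><strong><font size="4">SVE-2024-1621(CVE-2025-20894): Improper access control in Samsung Email</font></strong><br />
                    <font size="3"><br />Severity: High<br />
                      Resolved version: 6.1.97.1<br />
                      Reported on: August 15, 2024<br />
                      Description: Improper access control in Samsung Email prior to version 6.1.97.1 allows physical attackers to access data across multiple user profiles.<br />
                      The patch adds proper access control.<br />
                      Acknowledgement: Sam of Honor Cyber Security Lab</font></div><br /><br />
                  <div style="padding-left:40px"><strong><font size="4">SVE-2024-1752(CVE-2025-20896): Use of implicit intent for sensitive communication in EasySetup</font></strong><br />
                    <font size="3"><br />Severity: Moderate<br />
                      Resolved version: 11.1.18<br />
                      Reported on: September 6, 2024<br />
                      Description: Use of implicit intent for sensitive communication in EasySetup prior to version 11.1.18 allows local attackers to access sensitive information.<br />
                      The patch adds proper validation.<br />
                      Acknowledgement: Dawuge</font></div><br /><br />
                  <div style="padding-left:40px"><strong><font size="4">SVE-2024-1755(CVE-2025-20897): Improper access control in Secure Folder</font></strong><br />
                    <font size="3"><br />Severity: High<br />
                      Resolved version: 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12<br />
                      Reported on: September 6, 2024<br />
                      Description: Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder.<br />
                      The patch adds proper access control.<br />
                      Acknowledgement: Dawuge</font></div><br /><br />
                  <div style="padding-left:40px"><strong><font size="4">SVE-2024-1772(CVE-2025-20898): Improper input validation in Samsung Members</font></strong><br />
                    <font size="3"><br />Severity: High<br />
                      Resolved version: 5.2.00.12<br />
                      Reported on: September 8, 2024<br />
                      Description: Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user profiles.<br />
                      The patch adds proper input validation logic.<br />
                      Acknowledgement: Sam of Honor Cyber Security Lab</font></div><br /><br />
                  <div style="padding-left:40px"><strong><font size="4">SVE-2024-1883(CVE-2025-20899): Improper access control in PushNotification</font></strong><br />
                    <font size="3"><br />Severity: Moderate<br />
                      Resolved version: 13.0.00.15 in Android 12, 14.0.00.7 in Android 13, and 15.1.00.5 in Android 14<br />
                      Reported on: September 26, 2024<br />
                      Description: Improper access control in PushNotification prior to version 13.0.00.15 in Android 12, 14.0.00.7 in Android 13, and 15.1.00.5 in Android 14 allows local attackers to access sensitive information.<br />
                      The patch removes unnecessary implementation.<br />
                      Acknowledgement: 刘晓峰</font></div><br /><br />
                  <div style="padding-left:40px"><strong><font size="4">SVE-2024-1888(CVE-2025-20900): Out-of-bounds write in Blockchain Keystore</font></strong><br />
                    <font size="3"><br />Severity: High<br />
                      Resolved version: 1.3.16.5<br />
                      Reported on: September 27, 2024<br />
                      Description: Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory.<br />
                      The patch adds proper input validation.<br />
                      Acknowledgement: Dawuge</font></div><br />
                  <strong><font size="5"><br />Other Software Updates<br /></font></strong><br />
                  <div style="padding-left:40px"><strong><font size="4">SVE-2024-0968(CVE-2025-20902): Improper access control in Media Controller</font></strong><br />
                    <font size="3"><br />Severity: Moderate<br />
                      Resolved version: 1.0.24.5282<br />
                      Reported on: April 20, 2024<br />
                      Description: Improper access control in Media Controller prior to version 1.0.24.5282 allows local attacker to launch activities in MediaController's privilege.<br />
                      The patch adds proper access control.<br />
                      Acknowledgement: khilli</font></div><br />
                </div>
              </div>
            </div>
            <!-- //list -->
          </div>
        </div>
        <!-- //contents -->
      </div>
      <!-- //container -->
    </form>

    <!-- footer -->
    <footer id="footer">
      <div class="in">
        <div class="sitemap">
          <p>SITE MAP</p>
          <ul>
            <li><a href="/workScope.smsb">Security Updates</a></li>
            <li><a href="/securityReporting.smsb">Security Reporting</a></li>
            <li><a href="/rewardsProgram.smsb">Rewards Program</a></li>
            <li><a href="/securityPost.smsb">Security Post</a></li>
          </ul>
        </div>
        <div class="site_link">
          <div class="dropdown"><button type="button" class="dropbtn_none btn_footer_cookie" title="Cookie Policy">Cookie Policy</button></div>
          <div class="dropdown">
            <button type="button" onclick="myFunction()" class="dropbtn" title="Privacy Policy">Privacy Policy</button>
            <div id="myDropdown" class="dropdown-content">
              <a href="/privacy/global/privacy_notice.html" target="_blank" rel="noopener" title="Global">Global</a>
              <a href="/privacy/us/privacy_notice_us.html" target="_blank" rel="noopener" title="US">US</a>
              <a href="/privacy/eu/privacy_notice_eu.html" target="_blank" rel="noopener" title="EU">EU</a>
              <a href="/privacy/latin/privacy_notice_latin.html" target="_blank" rel="noopener" title="Latin America">Latin America</a>
              <a href="/privacy/korea/privacy_notice_korea.html" target="_blank" rel="noopener" title="Korea">Korea</a>
              <a href="/privacy/brazil/privacy_notice_brazil.html" target="_blank" rel="noopener" title="Brazil">Brazil</a>
              <a href="/privacy/turkey/privacy_notice_turkey.html" target="_blank" rel="noopener" title="Turkey">Turkey</a>
              <a href="/privacy/vietnam/privacy_notice_vietnam.html" target="_blank" rel="noopener" title="Vietnam">Vietnam</a>
            </div>
          </div>
          <!-- Navigates over HTTPS so the hop to the corporate site cannot be rewritten in transit. -->
          <div class="dropdown"><button type="button" onclick="location.href='https://www.samsung.com'" class="dropbtn_none" title="Samsung.com site new window">Samsung.com</button></div>
        </div>
        <button class="wtop" type="button" title="Move the screen to the top">Top</button>
        <span class="copy">Copyright© 2017 SAMSUNG All Rights Reserved.</span>
      </div>
    </footer>
    <!-- //footer -->
  </div>
  <!-- //wrap -->

  <form method="post" name="menuMoveForm" id="menuMoveForm" action="/myRequest.smsr">
    <input type="hidden" id="timeZoneHour" name="timeZoneHour" value="0" title="timeZoneHour">
    <input type="hidden" id="portalIssue" name="portalIssue" value="0" title="portalIssue">
    <input type="hidden" id="draftId" name="draftId" value="0" title="draftId">
  </form>
  <form method="post" name="androidUpdatesSearchForm" id="androidUpdatesSearchForm" action="/androidUpdatesSearch.smsb">
    <input type="hidden" id="androidSearchText" name="androidSearchText" value="" title="androidSearchText">
  </form>
  <script type="text/javascript" src="/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=3&cb=2111271379" async></script>
</body>
</html>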