Samsung has confirmed the details for the latest security patch for the compatible devices. These monthly security patches are light-weight but they do fixes any discovered security vulnerability found in Android and Samsung’s own software. According to the latest report, Google has already put out its Android Security Bulletin for this month which says that there have been no reports so far for any user exploitation or abuse.
Regardless, the Android security patches have been released for the Google Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, and Pixel 3 XL. The Pixel C is no longer receiving major OS updates, so its monthly update is still Android 8.1 Oreo. As per usual, the Essential Phone is also receiving the Android security update on the same day.
Along with Google patches, Samsung Mobile provides 21 Samsung vulnerabilities and exposure items to improve the security of these handsets. Major vulnerabilities were:
- Keyboard learned words and clipboard contents were leaked on the lock screen via Bixby
- The vulnerability of secured notifications when using Voice Assistant
- Information disclosure in GateKeeper Trustlet
- A vulnerability in MALI GPU driver allows arbitrary kernel read/write.
- The patch removes vulnerable logic in MALI GPU driver.
- A vulnerability in RKP allows arbitrary write to protected memory.
- The patch fixes memory mapping logic in RKP.
The vulnerability ranked as critical was about heap overflow in the keymaster Trustlet which would allow attackers to write memory in TEE and can lead lead to arbitrary code execution. There are plenty of devices which will receive the security patch for 2019 in the few days. Samsung will gradually begin the rollout from its flagship devices and will proceed to its other smartphones gradually. Usually, Samsung starts with premium smartphones and comes to mid-range as well.