SamMobile has affiliate and sponsored partnerships. If you buy something through one of these links, we may earn a commission. Learn more.

October security patch fixes serious vulnerability affecting a few Samsung phones

General
By 

Last updated: October 4th, 2019 at 14:20 UTC+02:00

Earlier this week, Google’s Project Zero security analysis team revealed that cyber-attackers are exploiting a bug within Android OS, which affects 18 known phone models including three Samsung devices, namely the Galaxy S7, Galaxy S8, and Galaxy S9. The issue stems from a local privilege escalation vulnerability which can give attackers full control over an affected device.

Google’s Project Zero team labeled it a “high severity vulnerability,” but the good news is that a fix has already been devised and will roll out along with the October 2019 security patch. The need for secrecy might be why Google has yet to detail the October 2019 security patch in an official changelog. Either way, the company said its Pixel 1 and 2 will no longer be vulnerable after the update, adding that a patch has also been made available to partners to make sure that the problem doesn’t spread throughout the Android ecosystem.

Samsung already rolling out the October patch

The severity of the bug could also be the reason why Samsung already launched the October security patch for several Galaxy devices, even as the changelog was missing. So far, Samsung released the October 2019 security patch for the Galaxy S10 5G, the Galaxy A20e, Galaxy A50, as well as the A30 and Galaxy J2 Core.

Interestingly, all of these phones sans the Galaxy S10 5G follow the quarterly update schedule, and none of them have been mentioned by the Project Zero team as being vulnerable. Then again, the list of affected devices shared in Chromium isn’t final and there could be more phones that are or have been open to attacks.

The vulnerability is reportedly being exploited by the NSO Group

According to Project Zero, the vulnerability can be exploited either when a user installs an untrusted app, or via a web browser by combining it with another exploit residing in the code that determines how content is being rendered in Chrome.

Project Zero member, Maddie Stone, said there are reasons to believe the vulnerability is being exploited by the NSO Group or its clients. This is an Israel-based exploit developer and is known to sell its malicious product to various governmental bodies. A few years ago the same group was responsible for developing the “Pegasus” spyware for mobile devices, which was designed to jailbreak or root iOS / Android phones and expose private data.

How to keep safe

Because the vulnerability requires either an additional app to open up the exploit or a second exploit within the Chrome web browser for it to work, it shouldn’t be difficult to keep your phone safe even if you haven’t received the October 2019 security patch yet. Just be mindful of what third-party apps you install and refrain from installing apps from untrusted sources. Likewise, you might want to use a different mobile web browser instead of Chrome, at least until the vulnerability will be fully patched.

Via GeneralPhone Galaxy S7Samsung Galaxy S8Samsung Galaxy S9
Load 3 comments

You might also like

Four-year-old Galaxy S9 gets a new software update in the US

Samsung has released a new software update to the Galaxy S9 and the Galaxy S9+. Considering that these two pho …

  • By Asif Iqbal Shaik
  • 2 months ago

Samsung Galaxy S9 trade-in values help you ditch your outdated phone

It has been four years since the Galaxy S9 and Galaxy S9+ were launched. Samsung sold quite a lot of units acr …

  • By Adnan Farooqui
  • 3 months ago

Samsung officially pulls update support for the Galaxy S9 series

After four years of continuous update support, Samsung has official pulled the plug for the Galaxy S9 and the …

  • By Sagar Naresh
  • 3 months ago

Marvel’s Moon Knight series features the Samsung Galaxy S9

We recently reported that a Samsung Galaxy Fold was featured in the second season of Star Trek: Picard. Now, …

  • By Sagar Naresh
  • 3 months ago

Four-year-old Galaxy S9 gets latest security update

It’s commendable that Samsung is updating even four and five-year-old smartphones with the latest securi …

  • By Asif Iqbal Shaik
  • 3 months ago

Four-year-old Samsung flagships get a new security update in the US

Samsung has become a force to reckon with in the Android space in terms of software support. It is the only br …

  • By Asif Iqbal Shaik
  • 4 months ago