Once again, Samsung was the first Android OEM to release a new security patch. The company started rolling out the August 2021 security update in the last week of July, and the Galaxy A52 was the first phone to get it. However, the South Korean firm had not revealed which vulnerabilities it had fixed with the update until today.
Samsung has now published the list of privacy and security-related vulnerabilities fixed with the August 2021 patch. It includes 38 fixes from Google’s Android Security Bulletin for August, which includes fixes for 2 critical vulnerabilities, 23 high severity vulnerabilities, 9 moderate level vulnerabilities, and 3 vulnerabilities that do not apply to Samsung devices. The South Korean firm had already shipped one fix from Google’s August patch in its July 2021 update.
Samsung’s latest security patch also includes fixes for two vulnerabilities found in Galaxy smartphones and tablets. One of those vulnerabilities is marked as highly severe and is related to the reuse of IV (Initialization Vectors). The company fixed it by preventing the addition of custom IVs. The other vulnerability is said to be low in severity and is related to UAF (Use After Free) memory exploit in the conn_gadget driver. Samsung fixed it by adding proper check logic to prevent use after free.
As of today, the South Korean firm has released the August 2021 security update to the Galaxy A52, Galaxy A72, Galaxy A8 (2018), Galaxy S20 FE (Exynos 990 and Snapdragon 865 versions), Galaxy S21, Galaxy S21+, and the Galaxy S21 Ultra. More phones are expected to get the update in the coming weeks.