The latest security update for contemporary Galaxy devices – dated January 1st, 2020 – is as varied as these monthly patches go. Several days after it started reaching select smartphones, the new firmware upgrade also got detailed in an official security bulletin from Samsung.
Not accounting for Google’s monthly Android security fixes, the update that’s now on its way to Galaxy devices also features nine of Samsung’s own interventions. One of them stars the Galaxy Note 20 series and is rather bizarre, to put it mildly.
How long until the January 2021 update reaches your phone?
Fortunately, none of the Galaxy-specific vulnerabilities that Samsung’s addressing this month have been rated as critical. Some could have been pretty far-reaching, however, based solely on how long they’ve gone unnoticed.
For example, the January 2021 patch includes a fix for a memory corruption vulnerability involving an unprotected library protocol that has been around since the Android 8.0 Oreo days, i.e. mid-2017.
Another curious thing about this soon-to-be-ex buffer overflow risk is the fact that it was brought to Samsung’s attention by an incognito source. Anonymous reports in the cybersecurity space aren’t exactly unheard of, but they’re pretty rare when it comes to those affecting countless devices from the world’s largest consumer electronics manufacturer, primarily because security researchers who manage to document such attack vectors are usually eligible for some sort of bug bounty.
Finally, the January 2021 security update also addresses another buffer overflow vulnerability specific to Galaxy devices that existed for over three years. But that one is as mundane as such threats tend to get, as it relies on a pretty infinite resource called outdated modem drivers (for Bluetooth, in this instance).