Samsung
Samsung

Details of Samsung’s July 2024 security patch

In a nutshell:

  • Samsung’s July 2024 Security Patch safeguards your Galaxy device by addressing critical vulnerabilities in Android and Samsung’s software (One UI).
  • The update tackles issues like unauthorized access, improper data handling, and potential security exploits.
  • Specific details on some vulnerabilities are confidential for security reasons.

Deeper Dive

Samsung has released details about its latest security update for Galaxy devices, aiming to bolster their overall protection. This July 2024 Security Maintenance Release (SMR) merges patches from both Google and Samsung.

Strengthening Android’s Core:

Google’s contribution fixes 4 critical and 21 high-level vulnerabilities within the Android framework. It’s important to note that 2 of these vulnerabilities don’t affect Samsung devices.

Enhancing One UI Security:

Samsung has addressed 33 Samsung Vulnerabilities and Exposures (SVEs) to further fortify One UI, the custom user interface found on Galaxy devices. These SVEs target potential security risks in various areas, including One UI Home, System Property, System UI, Filter Provider, Secure Folder, and more.

This update also incorporates a Samsung Semiconductor patch that tackles 2 high-level vulnerabilities specific to Samsung’s hardware.

What You Need to Know:

  • The rollout of this security patch hasn’t begun yet. Stay tuned for official announcements from Samsung regarding availability for your specific device.
  • Some details concerning the vulnerabilities addressed are confidential to maintain security effectiveness.

By implementing this update, Samsung strives to provide a more secure environment for your Galaxy device. While the specific rollout timeframe remains unknown, keeping an eye out for official updates is recommended to ensure you benefit from these security enhancements.

Samsung July 2024 Security Patch Details

Android Patch Details

Critical

  • CVE-2023-43556, CVE-2023-43538, CVE-2023-43551, CVE-2024-31320

High

  • CVE-2024-0671, CVE-2024-1065, CVE-2024-23698, CVE-2024-23696, CVE-2024-23697, CVE-2024-23695, CVE-2024-23711, CVE-2024-26926, CVE-2024-20066, CVE-2024-20068, CVE-2024-20067, CVE-2023-43542, CVE-2024-23363, CVE-2024-31331, CVE-2024-34720, CVE-2024-34723, CVE-2024-31332, CVE-2024-31339, CVE-2024-34722, CVE-2024-34721, CVE-2024-31338

Moderate

  • None

Already included in previous updates

  • None

Not applicable to Samsung devices

  • CVE-2024-20069, CVE-2024-20065

Samsung Semiconductor

Samsung Semiconductor patch is also included in this Security Maintenance Release with the following CVE item:

High

  • CVE-2024-29153, CVE-2023-50805

One UI Patch Details

  • SVE-2023-1279(CVE-2024-20888): Improper access control in OneUIHome
  • SVE-2023-1514(CVE-2024-34583): Improper access control in system property
  • SVE-2024-0067(CVE-2024-20890, CVE-2024-20889): Improper implementation in BLE
  • SVE-2024-0144(CVE-2024-20891): Improper access control in SystemUI
  • SVE-2024-0146(CVE-2024-34585): Improper access control in SystemUI
  • SVE-2024-0148(CVE-2024-34595): Improper access control in SystemUI
  • SVE-2024-0194(CVE-2024-20892): Improper verification of signature in FilterProvider
  • SVE-2024-0440(CVE-2024-20893): Improper input validation in libmediaextractorservice.so
  • SVE-2024-0490(CVE-2024-20894): Improper handling of exceptional conditions in Secure Folder
  • SVE-2024-0547(CVE-2024-20895): Improper access control in Dar service
  • SVE-2024-0700(CVE-2024-20896): Use of implicit intent for sensitive communication in Configuration message
  • SVE-2024-0716(CVE-2024-34584): Improper privilege management in SumeNNService
  • SVE-2024-0772(CVE-2024-20899, CVE-2024-20898, CVE-2024-20897): Use of implicit intent for sensitive communication in FCM function in IMS service.
  • SVE-2024-0788(CVE-2024-34586): Improper access control in KnoxCustomManagerService
  • SVE-2024-0793(CVE-2024-34587): Improper input validation in librtp.so
  • SVE-2024-0794(CVE-2024-34588): Improper input validation in librtp.so
  • SVE-2024-0795(CVE-2024-34589): Improper input validation in librtp.so
  • SVE-2024-0810(CVE-2024-34590): Improper input validation in librtp.so
  • SVE-2024-0811(CVE-2024-34591): Improper input validation in librtp.so
  • SVE-2024-0812(CVE-2024-34592): Improper input validation in librtp.so
  • SVE-2024-0818(CVE-2024-34593): Improper input validation in librtp.so
  • SVE-2024-0834(CVE-2024-20900): Improper authentication in MTP application
  • SVE-2024-0851(CVE-2024-20901): Improper input validation in copying data to buffer cache in libsaped
  • SVE-2024-0882(CVE-2024-34594): Exposure of sensitive information in proc file system
Blight Mojave
Blight is an aspiring Samsung enthusiast and technology aficionado, dedicated to exploring the extraordinary realms facilitated by cutting-edge innovations. He is passionate about Artificial Intelligence (AI) and its potential to transform industries, enhance human experiences, and shape a better future. Fascinated by the delicate beauty and he is captivating essence of flowers, finding solace in their presence. He is constantly seeking knowledge and growth, eager to connect with like-minded individuals and build meaningful relationships.
adbanner