Samsung started rolling out Android’s March 2021 security updates for critical security vulnerabilities.
March 2021 — Samsung Update
Though exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform.
Smartphones are regularly getting updates from their respected Android vendors.
As observed by BleepingComputer, Samsung Galaxy devices are automatically pulling updates released on March 5, 2021, this week.
Follow Us on: Twitter, Instagram, Facebook to get the latest security news!
For critical Android bugs Samsung has started rolling out March 2021 security updates to mobile devices in the runtime, operating system, and related components.
Also, the updates mainly comprise security fixes for Samsung Galaxy built-in apps with couple of enhancements like
- Calendar
- Display
- Social Platform
- SmartThings.
The vulnerability CVE-2021-0395 could enable a local attacker to execute arbitrary code within the context of a privileged process.
| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2021-0397 | A-174052148 | RCE | Critical | 8.1, 9, 10, 11 |
Android runtime
Here, the vulnerability in this section could enable a local attacker to execute arbitrary code within the context of a privileged process.
| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2021-0395 | A-170315126 | EoP | High | 11 |
Framework
Importantly, the most severe vulnerability in this section could enable a local attacker with privileged access to gain access to sensitive data.
| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2021-0391 | A-172841550 | EoP | High | 8.1, 9, 10, 11 |
| CVE-2021-0398 | A-173516292 | EoP | High | 11 |
System
On the other hand, the most severe vulnerability in this section could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.
| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2017-14491 | A-158221622 | RCE | High | 8.1, 9, 10, 11 |
| CVE-2021-0393 | A-168041375 | RCE | High | 8.1, 9, 10, 11 |
| CVE-2021-0396 | A-160610106 | RCE | High | 8.1, 9, 10, 11 |
| CVE-2021-0390 | A-174749461 | EoP | High | 8.1, 9, 10, 11 |
| CVE-2021-0392 | A-175124730 | EoP | High | 9, 10, 11 |
| CVE-2021-0394 | A-172655291 [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] | ID | High | 8.1, 9, 10, 11 |
Google Play system updates
The following issues are included in Project Mainline components.
| Component | CVE |
|---|---|
| WiFi | CVE-2021-0390 |
Security Recommendations:
Android users are advised to update their Android devices immediately and recommended to have the “auto-update” settings enabled to safeguard against these bugs
Leave A Comment