fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing

        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing

        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing

        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing

        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training

        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing

        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review

        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention

        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise

        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle

        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

I'VE BEEN BREACHED

Samsung Fixes Critical Android Flaws With September Updates

Samsung Fixes Critical Android Flaws With September Updates

samsung galaxy phones

Samsung has started rolling out Android’s September security updates to mobile devices to fix critical security vulnerabilities in the operating system and enhance overall features on the devices.

This week Android published their September 2020 security updates, which includes numerous security patches for critical vulnerabilities impacting the latest devices.

As observed by BleepingComputer, Samsung Galaxy devices are automatically pulling updates today, September 9, 2020.

These updates include numerous improvements related to Wi-Fi connectivity, Samsung Keyboard, and the Messages app, along with some pretty significant security fixes. There are also optimizations made to the camera’s Pro Video feature.

Samsung galaxy 10 september 2020 updatess
Android September 2020 update notification observed on Samsung Galaxy S10 5G
Source: BleepingComputer

All vulnerabilities addressed by this update, have either a ‘High’ or ‘Critical’ severity, making this update a requirement for Android users so that their devices remain protected.

RCE, Privilege escalation, and Information Disclosure

One of the most critical vulnerabilities CVE-2020-0245, for example, impacts the Media Framework component and allows for both Remote Code Execution and Information Disclosure.

“The most severe vulnerability in [the Media Framework] section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” explains the Android September 2020 security bulletin

Whereas, most vulnerabilities in the Framework itself concerned the attackers being able to bypass user interaction requirements, to gain extra permissions.

Other notable vulnerabilities fixed by this update, as listed in the security bulletin include:

Framework

CVEReferencesTypeSeverityUpdated AOSP versions
CVE-2020-0074A-146204120EoPHigh8.0, 8.1, 9, 10
CVE-2020-0388A-156123285EoPHigh10
CVE-2020-0391A-158570769EoPHigh9, 10
CVE-2020-0401A-150857253EoPHigh8.0, 8.1, 9, 10
CVE-2020-0382A-152944488IDHigh10
CVE-2020-0389A-156959408IDHigh10
CVE-2020-0390A-157598026IDHigh10
CVE-2020-0395A-154124307IDHigh8.0, 8.1, 9, 10
CVE-2020-0397A-155092443IDHigh8.0, 8.1, 9, 10
CVE-2020-0399A-153993591IDHigh8.0, 8.1, 9, 10

Media Framework

CVEReferencesTypeSeverityUpdated AOSP versions
CVE-2020-0245A-152496149IDHigh10
RCECritical8.0, 8.1, 9
CVE-2020-0392A-150226608EoPHigh9, 10
CVE-2020-0381A-150159669IDHigh8.0, 8.1, 9, 10
CVE-2020-0383A-150160279IDHigh8.0, 8.1, 9, 10
CVE-2020-0384A-150159906IDHigh8.0, 8.1, 9, 10
CVE-2020-0385A-150160041IDHigh8.0, 8.1, 9, 10
CVE-2020-0393A-154123412IDHigh9, 10

System

CVEReferencesTypeSeverityUpdated AOSP versions
CVE-2020-0380A-146398979RCECritical8.0, 8.1, 9, 10
CVE-2020-0396A-155094269IDCritical8.0, 8.1, 9, 10
CVE-2020-0386A-155650356EoPHigh8.0, 8.1, 9, 10
CVE-2020-0394A-155648639EoPHigh8.0, 8.1, 9, 10
CVE-2020-0379A-150156492IDHigh8.0, 8.1, 9, 10

Also read: PDPA For Companies: Compliance Guide For Singapore Business

Some bugs may still be exploitable

On select Samsung Galaxy devices, the updates pushed this week have their latest “security patch level” dated “2020-09-01.” This implies the high severity Escalation of Privileges (EoP) vulnerabilities to be fixed by the “2020-09-05 security patch” are still exploitable.

Just one of these vulnerabilities, CVE-2020-0402, for example, can allow a locally present attacker to escalate privileges on unpatched devices due to a use-after-free flaw related to the “locks” implemented by the filesystem.

The fix commit authored by Linus Torvalds, the creator of the Linux OS, patches both the use-after-free flaw and the race condition that could’ve occurred because of it.

Fix for CVE-2020-0402 fixed by Android security patch level 2020-09-05
Fix for CVE-2020-0402 provided by Android security patch level 2020-09-05
Source: Google Git

Users are advised to update their Android devices immediately to safeguard against these bugs, and ensure their devices have the “auto-update” settings enabled.

A full description of enhancements and optimizations this update brings is provided on Samsung’s website.

Also read: 10 Government Data Leaks In Singapore: Prevent Cybersecurity

0 Comments

Let us help you out.

Grab your free consultation NOW!

Privacy Ninja

Data Protection​

Cybersecurity

Support

Company

Locations

Singapore

7 Temasek Boulevard
#12-07, Suntec Tower One
Singapore 038987

Thailand

The Royal Place 1
2, 2/399 Mahatlek Luang 1 Alley, Lumphini, Pathum Wan, Bangkok 10330, Thailand



email-icon
Facebook Twitter Linkedin Youtube

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
TALK TO US
×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

× Chat with us