Ever since Google promised monthly security updates for its Nexus devices, it has been keeping its promise of releasing Android security update every month. In February, Google rolled out the monthly security update on the first day of the month. BlackBerry followed Google to release the security update for its Priv smartphone at around the same time.
Samsung has also joined the club, however slightly late. The South Korean company has started seeding the February Android security update for its high-end Galaxy devices.
It says that the “maintenance release for major flagship models” as part of monthly Security Maintenance Release (SMR) process includes patches from Google’s February Android security update. It also includes patches from Samsung.
Apart from Google patches, the company provides seven Samsung Vulnerabilities and Exposures (SVE) items. Some of the vulnerability listed by Samsung include buffer overflow vulnerability in Qualcomm WLAN Driver, which has been rated as critical severity and affects Android 4.2 Jelly Bean and above devices with Qualcomm Wi-Fi chipset, and is a vulnerability that doesn’t confirm boundary condition before memory copy can make buffer overflow by an unexpected data size. Samsung says supplied patch prevents buffer overflow by confirming the sizes of source and destination.
The second patch was rolled out as SecNetfilter security patch which was rated as medium and affected all devices using SecNetfilter driver on Android 4.4 KitKat or Android Lollipop 5.0 (5.1). The vulnerability dereferences null-pointer during parsing the URL that can make a memory corruption and be abused by attackers. The company says that the supplied patch removes the ‘SecNetfilter’ driver.