Security News Samsung Patches Six Critical Bugs in Flagship Handsets (21 identified as high severity)

LASER_oneXM

Thread author
Samsung began rolling out patches over the weekend to fix six critical bugs found in its flagship Android handsets as part of its May patch bulletin. Flaws range from a remote code execution bug to a buffer overflow vulnerability, plus a peek-and-poke command bug that leaves memory locations open on targeted devices.

All six of Samsung’s critical vulnerabilities patched this month were identified in Google’s April Android Security Bulletin. Google released its May Android Security Bulletin last week. In all, Samsung disclosed and patched 27 vulnerabilities, 21 identified as high severity.

Five of the critical bugs identified by Samsung are tied to Qualcomm and its Snapdragon processors, which are used in Samsung handhelds but also in the chipmaker’s Snapdragon Wear and Automotive platforms. Impacted Samsung handheld models include its Galaxy family of S9, Note 8 and S8 phones.

One critical vulnerability is an RCE bug (CVE-2017-13292) identified by Google last month that could “enable a proximate attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.” The flaw, which has a CVSS score of 9.8, is tied to a third-party Broadcom wireless chipset driver (bcmdhd).
 
