Ever since Google promised monthly security updates for its Nexus devices, it has been keeping its promise of releasing
Android security update every month. In February, Google rolled out the
monthly security update on the first day of the month. BlackBerry
followed Google to release the security update for its Priv smartphone at around the same time.
Samsung has also joined the club, however
slightly late. The South Korean company has started seeding the February
Android security update for its high-end Galaxy devices.
that the "maintenance release for major flagship models" as part of
monthly Security Maintenance Release (SMR) process includes patches from
Google's February Android security update. It also includes patches from Samsung.
Apart from Google
patches, the company provides seven
Samsung Vulnerabilities and Exposures (SVE) items. Some of the
vulnerability listed by Samsung include buffer overflow vulnerability in
Qualcomm WLAN Driver, which has been rated as critical severity and
affects Android 4.2 Jelly Bean and above devices with Qualcomm Wi-Fi
chipset, and is a vulnerability that doesn't confirm boundary condition
before memory copy can make buffer overflow by an unexpected data size.
Samsung says supplied patch prevents buffer overflow by confirming the
sizes of source and destination.
The second patch was rolled out
as SecNetfilter security patch which was rated as medium and affected
all devices using SecNetfilter driver on Android 4.4 KitKat or Android
Lollipop 5.0 (5.1). The vulnerability dereferences null-pointer during
parsing the URL that can make a memory corruption and be abused by
attackers. The company says that the supplied patch removes the