Not long after it started rolling out a new security update for September, Samsung released the official changelog detailing many of the vulnerabilities this latest over-the-air release addresses. Exactly nine of those are labeled as “critical,” but all come directly from Google and affect all Android devices. For added context, the August 2020 security update contained “just” two such critical-level fixes.
In total, the OTA release that brings the security patch level of compatible Galaxy devices up to September 1st, 2020, includes 15 security fixes specific to Samsung’s devices. That’s on top of over 90 fixes included in Google’s own Android security update for September because – as always – Samsung’s maintenance update combines Google’s patches with those specific to smartphones and tablets its customized version of the OS.
The September patch includes a 5G-specific vulnerability fix
Like most large tech companies, Samsung incentivizes security researchers to report vulnerabilities in its Android implementations through a full-fledged bug bounty program which it has been running for years at this point. This update also marks the first occasion on which we’re seeing one of Samsung’s fixes for a 5G-specific vulnerability. It reworks the manner in which USB debugging commands pertaining to LTE and 5G instructions can be used without user authentication. That is to say – they can’t, unless you enable the developer options menu in device settings following the September 2020 update.
A handful of Samsung’s devices are already in the process of receiving this new security release, which first started rolling out last Tuesday, September 1st. Naturally, many more are set to follow in the coming weeks.