Samsung Breaks Down Its January Android Security Patch

Samsung revealed the contents of the January Security Patch which it started pushing out on Tuesday for unlocked variants of select Android devices. As expected, the new update contains all of the latestpatches from Google, as well as Samsung’s own additions which address common bugs, vulnerabilities, and other issues. Samsung’s January Security Patch deals with no less than 67 Common Vulnerabilities and Exposures (CVE) directly related to the Android operating system and makes 28 other additions to Samsung’s latest phones. Regarding the latter, a portion of the patches addresses various security issues with the Snapdragon 835 and the Exynos 8895 system-on-chip, both of which are expected to power the upcoming Galaxy S8 flagship.
In addition to that, the January security update alsoincludes fixes for vulnerabilities present in the Snapdragon 820 and the Exynos 8890 chipset fueling the Galaxy S7 and the Galaxy S7 Edge. As always, some of theSamsung Vulnerabilities and Exposures (SVE) fixed in this update address minor bugs which could hardly be exploited in practicebut were still dealt with as a precaution. The January SecurityPatch includes only a single fix for a vulnerability whose severity Samsung rated as “High.” Theproblem in question is related to theEAS Autodiscover service as this solution would unveil user credentials to some subdomains when a user logged into their email account under certain conditions. Naturally, the company didn’t go into any details regarding these circumstances, but it did disclose that the code responsible for sending secure data has since been removed, which prevents the EAS Autodiscover from being exploited to send user credentials to unauthorized parties.