Samsung Breaks Down Its January Android Security Patch


为什么侵犯版权的地下黑产业多集中在荷兰、东欧、俄罗斯和中国呢?是不是这些地方的软件业缺乏创新精神,开发者的利益得不到保护?
信息安全带来麻烦:苹果遭遇”微软时刻”
Samsung revealed the contents of the January Security Patch which it started pushing out on Tuesday for unlocked variants of select Android devices. As expected, the new update contains all of the latestpatches from Google, as well as Samsung’s own additions which address common bugs, vulnerabilities, and other issues. Samsung’s January Security Patch deals with no less than 67 Common Vulnerabilities and Exposures (CVE) directly related to the Android operating system and makes 28 other additions to Samsung’s latest phones. Regarding the latter, a portion of the patches addresses various security issues with the Snapdragon 835 and the Exynos 8895 system-on-chip, both of which are expected to power the upcoming Galaxy S8 flagship.
In addition to that, the January security update alsoincludes fixes for vulnerabilities present in the Snapdragon 820 and the Exynos 8890 chipset fueling the Galaxy S7 and the Galaxy S7 Edge. As always, some of theSamsung Vulnerabilities and Exposures (SVE) fixed in this update address minor bugs which could hardly be exploited in practicebut were still dealt with as a precaution. The January SecurityPatch includes only a single fix for a vulnerability whose severity Samsung rated as “High.” Theproblem in question is related to theEAS Autodiscover service as this solution would unveil user credentials to some subdomains when a user logged into their email account under certain conditions. Naturally, the company didn’t go into any details regarding these circumstances, but it did disclose that the code responsible for sending secure data has since been removed, which prevents the EAS Autodiscover from being exploited to send user credentials to unauthorized parties.
找出系统和信息之后,需要给它们分安全级别,分级的目的以便有轻重地对待,即制定保护战略。

猜您喜欢

如何从手机电子钱包中偷钱
大数据的成功关键在公众安全信心
轻松打动HSE从业人员的HSE在线视频课程
酸奶的两大误区
BRICKSINMOTION EXAMTABLESFORSALE
网络钓鱼攻击的演变历史及趋势