Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Samsung Rolls Out Android Updates Fixing Critical Vulnerabilities

https://open.spotify.com/show/3Gmj15x6cGrgJEzmGnDTTj?si=nytzAjvSR4qBqTbLP6pgKA

Samsung Rolls Out Android Updates Fixing Critical Vulnerabilities

Samsung

Samsung has started rolling out Android’s August security updates to mobile devices to fix critical security vulnerabilities in the operating system.

This week Android published their August 2020 security updates, which includes numerous security patches for critical vulnerabilities impacting the latest devices.

As observed by BleepingComputer, Samsung Galaxy devices are automatically pulling updates today, August 8, 2020. These updates include camera improvements and Wi-Fi optimizations, along with some pretty significant security fixes.

Android August 2020 security updates
Android August 2020 update notification observed on Samsung Galaxy S10 5G
Source: BleepingComputer

All vulnerabilities in this update have a rating of either either ‘High’ or ‘Critical’ severity, making this update a requirement for Android users so that their devices remain protected.

 

From RCE, to UI bypass: the most concerning vulnerabilities

Of all the patches, the winning candidate is a fix for CVE-2020-0240, a remote code execution vulnerability caused by an “integer overflow” bug in the Android operating system.

“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process,” explained the advisory bulletin

If successfully exploited, this vulnerability would allow a remote attacker to take full control over your device.

Fix for CVE-2020-0240: RCE flaw
Fix in green for CVE-2020-0240: integer-overflow RCE flaw
Source: 
Google Git

Other concerning vulnerabilities include those that allow you to completely bypass user interaction to gain elevated permission. This vulnerability would allow an attacker to run code at higher permissions then it usually would.

If exploited, “the most severe vulnerability in this section could enable a local malicious application to bypass user interaction requirements to gain access to additional permissions,” the advisory bulletin states.

Also read: 9 Policies For Security Procedures Examples

 

Other notable vulnerabilities fixed in this update are categorized below:

Framework:

CVE References Type Severity Updated AOSP versions
CVE-2020-0240 A-150706594 RCE High 10
CVE-2020-0238 A-150946634 EoP High 8.0, 8.1, 9, 10
CVE-2020-0257 A-156741968 EoP High 10
CVE-2020-0239 A-151095863 ID High 9, 10
CVE-2020-0249 A-154719656 ID High 8.0, 8.1, 9, 10
CVE-2020-0258 A-157598956 ID High 10
CVE-2020-0247 A-156087409 DoS High 8.0, 8.1, 10

 

Media Framework:

CVE References Type Severity Updated AOSP versions
CVE-2020-0241 A-151456667 EoP High 8.0, 8.1, 9, 10
CVE-2020-0242 A-151643722 EoP High 8.0, 8.1, 9, 10
CVE-2020-0243 A-151644303 EoP High 8.0, 8.1, 9, 10

System:

CVE References Type Severity Updated AOSP versions
CVE-2020-0108 A-140108616 [2] [3] [4] EoP High 8.1, 9, 10
CVE-2020-0256 A-152874864 EoP High 8.0, 8.1, 9, 10
CVE-2020-0248 A-154627439 ID High 10
CVE-2020-0250 A-154934934 ID High 10

A complete list of many more CVEs that were patched in different components has been provided in the bulletin

 

Some bugs may still be exploitable

On select Samsung Galaxy devices, the updates pushed this week have their latest “security patch level” dated “2020-08-01.” This implies the high severity Escalation of Privileges (EoP) vulnerabilities to be fixed by the “2020-08-05 security patch” are still exploitable.

Just one of these vulnerabilities, CVE-2020-0259, for example, can allow a locally present attacker to execute arbitrary code on an unpatched device by escalating privileges.

Users are advised to update their Android devices immediately to safeguard against these bugs, and ensure their devices have the “auto-update” settings enabled.

Also read: 7 Client Data Protection Tips to Keep Customers Safe

https://www.youtube.com/watch?v=30eI59FlBdk

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us