Samsung is reported to be rolling out its latest software update, and it is being made available to most Galaxy smartphones in its portfolio. While this would be a seemingly regular event, the Android security update for this month appears to carry higher importance than other updates of this nature. As part of its December 2020 software update, Samsung has included Google's Android security patches dated December 5, 2020, which importantly fixes security flaws in the Android framework with certified high level security vulnerabilities. These flaws could have allowed hackers with intent to carry out remote code execution, privilege escalation and denial of service attacks -- three of the most common forms of cyber attacks carried out on the consumer front by attackers in order to steal data (such as personal identification and financial documents), take over phone operations (such as sending messages and reading OTPs) and enable ransomware to block a user out of their own phone and force them to pay a ransom.
Bleeping Computer, which tracked the security vulnerabilities that were patched by Samsung in its latest update, notes down a total of 13 CVEs (common vulnerabilities and exposures), which include security breaches that could have allowed a wide range of privacy and data breaches on phones. Remote code execution flaws are by far among the most common security threats in software systems. Using these flaws, attackers can use various spam and spear phishing techniques into tricking a user into downloading a file. This file may include embedded macro codes, which in turn would enable a malware to operate in your device. Once the malware is operational, it looks for unpatched security vulnerabilities in the firmware code for various actions, such as calling on a remote server to download additional malware, using privilege escalation breaches to gain control of a device, and in the worst case scenario, do both tasks simultaneously to completely take over a user's device.
Such flaws can be particularly critical, which is what makes Samsung's December Android security update a very important one. Users are advised to check for software updates on their phones, and patch their devices at the earliest possible in order to stay safe from such vulnerabilities. While other security flaws in the system may persist in the form of zero-day exploits, such risks would also be taken care of in a monthly basis, as is what happens every year. However, Samsung appears to have issued the software update on some of its lower rank Galaxy smartphones with security patches dated only until December 1, 2020. Given that Google issued its vulnerability patches on December 5, these phones would still remain at risk to a number of the said privacy and data risks. For such devices, a subsequent security update is expected to roll out quite soon.
Samsung is also expected to launch its latest generation flagship smartphones, the Galaxy S21 series, at a virtual event tipped to happen next month. The new devices are expected to be somewhat incremental in their update nature, and may bring about an overall refresh to the already loaded Galaxy S20 series.