In addition to the Google Security patches that you get every month (well, almost every month), Samsung has it’s own initiative called Samsung Maintenance Release (SMR) to tend to the security of its valued customers. The Note 7 fiasco brought down customer confidence to an all new low and Samsung has been striving to restore that confidence back ever since.
Though SMR isn’t new to the security game, it’s there and acts as a mediator to let people know that Samsung’s got you, security wise. With that said, the March Security update details are out and Samsung has brought to us a few Samsung Vulnerabilities and Exposures (SVE).
Restricted account security flaw
The issue is predominant in Lollipop and Marshmallow throughout all tablets. An unauthorized user can create accounts by taking advantage of the “Add user” option on the lockscreen in tablets. The patch solves this problem by removing the “Add User” option from the lockscreen.
Multiple Buffer Overflow in Qualcomm Bootloader
Buffer overflow from the Bootloader leads to crashing of applications, corrupting data or execution of dangerous code. The patch deals with this issue. This problem exists on the Qualcomm powered Galaxy S5.
Crash on AudioService
This issue allows attackers to compromise the AudioService and lead to Denial of Service attacks. The patch stops these system crashes.
One interesting point to note is that the finding of these vulnerabilities is done so by researchers both individual and those even working in competing companies. It just goes on to show that OEMs stand together when it comes to system security.
Source: Samsung
Discussion