According to Google’s Project Zero team, a group of security researchers, Samsung’s timing couldn’t have been better. Although hindered by a number of effective security measures, they found three logic issues, deemed trivial, that were also easily found and exploited. The worst of the bugs even let an enterprising hacker write files to the system without permission.
Advertisement
After a week of testing, the analysts identified device drivers and media processing as the weakest areas on Samsung’s flagship device.
“Unfortunately, the API used to unzip the file does not verify the file path, so it can be written in unexpected locations”, explained Project Zero member Natalie Silvanovich.
While most of these security holes were promptly fixed by Samsung, it’s still worrisome that a dedicated team can find so many bugs in such a short timespan.
Samsung did not also say when these devices, which we can assume are the “newer” or released this year devices, will be receiving their Marshmallow update.
While the 11 vulnerabilities aboard the Galaxy S6 edge had been reported to Samsung, 8 of them have already been resolved with a recent maintenance release that Samsung pushed out in October.
In a week, Google discovered 11 security issues that could potentially affect the Samsung device.
You can always manually check for the update, go to Settings, click on About Phone and tap on Check for updates.
The company has made strides to clear malware and misbehaving apps from its Google Play Store, as well as pledging to issue security updates once a month for its own Nexus line of devices. “The remaining three issues will be included as part of our November security update which will be rolling out over the next couple of weeks”.
Brand and his team members had informed Samsung about similar vulnerabilities in other Samsung smartphones and publicly disclosed the same in July.
Advertisement
Pocket-Lint has pointed out that the last time there was a major upgrade of Android to version 5.0 (otherwise known as Android L or Lollipop) it took 31 days after the Google Launch.
