From: Jolly Roger
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system,comp.mobile.ipad
Subject: Re: Yet again, Apple forgot to sufficiently test desktop & iOS versions
Date: 15 May 2024 03:01:31 GMT
Organization: People for the Ethical Treatment of Pirates

On 2024-05-15, Andrew wrote:
> Yet again, Apple forgot to sufficiently test desktop & iOS versions.

Samsung has just released an update for its flagship devices—this includes two ‘critical’ security fixes, one of which is late and should be installed urgently....

Samsung is on a roll, and its flagship Galaxy users are again being given an early look at the new Android monthly security update almost as soon as Google reveals details of the urgent fixes being released this time around.

That said, it’s not all smooth running. One critical fix that Google included in its April security release is only just being made available by Samsung now—this Qualcomm modem issue could potentially lead to a memory corruption issue during a secure comms “handshake,” and such memory vulnerabilities open doors to exploitation.

The other critical fix for May impacts the phone’s change log process, which could lead to “local escalation of privilege with no additional execution privileges needed.” Details—as ever—remain scarce for now, but Google says the critical tag “is based on the effect that exploiting the vulnerability would possibly have on an affected device.” Such an attack in isolation would require “platform and service mitigations” to be off, but vulnerabilities can be exploited as part of a more sophisticated chain attack.

Over the coming days, Galaxy users will see the updates made available as per usual—dependent upon region and carrier. Samsung will focus on its newest, priciest devices first, and then work down the list. Owners of older, cheaper devices may already be on a quarterly schedule—or worse.

You can find details here:

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR