Samsung has released a new update for the Galaxy S9 and the Galaxy S9+ which brings the Android security patch for the month of September. The latest Android security patch fixes a number of critical vulnerabilities in Android and Samsung’s own software on the flagship devices.

The rollout of the new update has commenced in Europe and it will soon be available in more regions. We checked for the update on the Galaxy S9+ unit at Beebom but it is yet to arrive in India.

Unfortunately, if you’ve been waiting for the Android 9 Pie update on your Galaxy S9 or S9+, you are out of luck. However, the company has reportedly begun testing the Android Pie update for the Galaxy S9 and Galaxy S9+ internally.

The update does not bring any new features, but as detailed earlier by Samsung, the September security patch fixes a number of critical, high and moderate-level vulnerabilities, some of which are mentioned below:

  • Clipboard contents visible when device is locked
    • The clipboard was not disabled for the emergency contact picker while the device was locked. The patch disables the clipboard for the emergency contact picker while the phone is locked.
  • Rooting of device with custom image
    • The vulnerability allows an attacker to use a specially modified image to run scripts in the INIT context. The patch deletes all unnecessary execution commands in INIT.
  • QuickTools vulnerability
    • The vulnerability allows location permission to bypass the lock screen when using the compass function in QuickTools. The patch checks the lock state and allows permission.
  • Smartwatch Displaying Secure Folder Notification Contents
    • The vulnerability allows hidden content notifications of Secure Folder to be displayed on a smartwatch. The patch blocks notifications to smartwatches coming from Secure Folder.
  • Security attack scenario while fake charging at public kiosk
    • The vulnerability allows an attacker to execute critical functions without user interaction or any permissions even when devices are locked. The patch restricts an attacker from executing some critical functions while devices are locked.