Eleven security flaws found in Samsung Galaxy S6 Edge, three of them yet to be addressed
Google’s Project Zero researched the Samsung Galaxy S6 Edge and, as a result, discovered and reported 11 high-impact security issues.
To date, Samsung has fixed eight vulnerabilities and has promised to fix the remaining ones in November. One of the unfixed issues “allows an attacker to execute JavaScript embedded in emails, which increases the attack surface of the email client, but otherwise has unclear impact.”
Google has also lauded Samsung for having fixed the majority of the issues, several of which were high-impact, within 90 days of their being reported.
According to Google, the Galaxy S6 Edge was selected because Samsung, as an Original Equipment Manufacturer (OEM), makes use of the Android Open-Source Project (AOSP), which is an important area for Android security research.
“OEMs are an important area for Android security research, as they introduce additional (and possibly vulnerable) code into Android devices at all privilege levels, and they decide the frequency of the security updates that they provide for their devices to carriers,” said Google.
A spokesperson for Samsung said:
“At Samsung, maintaining the trust of our customers is a top priority. To deliver on this commitment, we launched a monthly Samsung Security Update program starting last October.
“In our first Security Update, we were able to provide solutions to eight of the more critical issues that were brought to our attention by Google as part of their 90-day reporting policy. The remaining three issues will be included as part of our November Security Update which will be rolling out over the next couple of weeks. Samsung encourages users to keep their software and apps updated at all times.”