Samsung’s Android division just started pushing out the September security patch to the Galaxy S6 Edge+ device so all of the company’s 2015 flagships will soon be completely updated with the latest set of Android safety improvements. The new patch is approximately 160MB in size and is gradually rolling out worldwide. Your Galaxy S6 Edge+ should notify you of the update’s availability but if you want to try to initiate the download manually, you can do that by navigating to the device’s Settings app, selecting “About Device”, “Software Updates”, and finally tapping “Update Now”. Of course, note that the update is only rolling out to the International, unlocked version of Samsung Galaxy S6 Edge+ as it is being pushed out by the device’s manufacturer. If you don’t own that model, you’re going to have to wait for your carrier to approve the security patch which may take a few weeks.
Unfortunately, a detailed changelog for this latest update still hasn’t been published so we’re still not aware of all of the changes and improvements it brings. However, a partial log that can currently be found on the Android Open Source Project page does tell us a few things. For starters, the September security update introduces a plethora of fixes for various vulnerabilities recently discovered in the Android operating system. Most notably, this patch completely redesigns the Mediaserver which used to be vulnerable to malicious attacks via MMS and Google Hangouts messages. The attacks were theoretically possible thanks to the infamous Stagefright vulnerability. Namely, ever since Android 2.2, the most popular operating system on the planet contained a flawed library called libStageFright which the OS used to process video as soon as it’s received by the device. Something inside this library made the aforementioned attack possible but thankfully, the September security patch finally does away with libStageFright.
The update also patches another vulnerability to remote code execution related to MediaMuxer and deals with well over twenty problems with potentially elevated app privileges. Finally, Google decided to break up the patch into three vulnerability segments so that device manufacturers have more flexibility in regards to which subset of problems they want to fix first if they choose to gradually roll out the contents of the update.