Samsung has officially announced the contents of its July security patch, and Galaxy owners with current handsets can expect 16 Samsung-specific fixes this time around, on top of the security fixes from Google. The fixes are incorporated into the July 5, 2017 Android Security Bulletin for maximum possible security. Most of the fixes in Samsung’s patch this month center on buffer overflows and memory management, and address under-the-hood security issues that a typical user wouldn’t notice unless somebody used them to access their device. The only true user-facing fix this time around is for a bug in Galaxy devices still running Android 4.4 KitKat, in which the lock screen PIN code entry cursor can be in the wrong place.
Of the 16 fixes from Samsung in this patch, only 9 could be disclosed. The rest are considered too dangerous to have information about them floating around before it can be reasonably expected that all affected devices have gotten their patches. The nine fixes that are disclosed in the patch notes do not include any technical details, for obvious reasons. Skipping the aforementioned KitKat PIN lock bug, the most critical is a bug that allows illegal access to a device’s memory cache due to a boundary issue. The severity of that one is medium, as is a bug with size and capacity confirmation that can cause a buffer overflow. Those two fixes affect phones running Android 6.0 (Marshmallow) and 7.0 (Nougat).
At the low-priority end of the spectrum, there is a fix for a bug with the AdaptiveDisplayColorService that could cause a crash on devices running KitKat and higher. Another buffer overflow fix, this one concerning size verification of data going in and out of process_cipher_tdea, affects phones on Marshmallow and Nougat. A group of four separate fixes involving NullPointerException prevents a bug that could be exploited to crash a device with a DDoS attack, but this bug was only present in phones running Nougat. This leaves 7 bugs undisclosed in the report.
Owners of recent Samsung smartphones and tablets can expect the July security patch containing these fixes to start hitting their devices in the next few weeks, depending on their device and carrier variant, if applicable. Some models, such as certain carrier variants of the Galaxy S7 family, just got their June patches recently.