Releasing proper, extensive and comprehensive changelogs seems to be a dying practice nowadays. Don’t believe us? Well, just open up the Play Store or App Store page for a few of your favorite apps and enjoy informative statements such as “bugs fixes” and “added new features”.
The point is that some still take documentation seriously and this should frankly always be the case when it comes to security patches. In keeping with this spirit, Samsung has published a detailed rundown of its October security patch. If you are interested, definitely check it out at the source link.
As for a quick rundown, it covers a total of 68 Common Vulnerabilities and Exposures (CVE), some of which in the Android OS itself and others related to the company’s own devices. An interesting highlight includes what is said to be a possible security weakness in the iris scanner matching algorithm for the Galaxy Note7.
The latter could have potentially caused a lot of trouble for the Korean giant, if it was found and exploited by hackers to compromise Samsung’s lofty security claims for the device. As a matter of fact, most of the patched holes, weaknesses and exploits could have devastating consequences in the wrong hands and not only for Samsung phones (remember, some of these are within the core Android OS).
This is why Samsung’s otherwise detailed rundown does contain some “privately disclosed” entries. Releasing those publicly could still give hackers enough time to strike before the patch rolls out, or possibly utilize them to target older or offline devices. But rest assured, they have definitely made their way to the concerned and responsible parties.
Source | Via