It's been a week since the new Galaxy Z Flip 5 hit stores, and Samsung has released its first security update for its flagship foldable smartphone. I've had the Z Flip 5 a little longer because I pre-ordered it to take advantage of what's clearly a great trade-in deal. I can't lie; I'm surprised that the security update arrived so quickly, especially since it fixes a total of 86 vulnerabilities, including three from the critical list.
More from FORBESNew security surprise for 3 billion Google Chrome usersDave Winder
That's five out of five, as the Z Flip gets 60 months of security updates.
Samsung seems to be rolling out these security updates at breakneck speed, at least when it comes to their latest flagship devices. For example, in the past I've had delays of sometimes over a month getting security updates on my Note 10+ 5G. Great things about my Z Fold 3, the second user-optimized device for the amazing new Z Flip 5 Yellow.
Just like the length and quality of a manufacturer's car warranty, smartphone software and security updates are just as important. In fact, the fact that the Flip 5 guarantees four major Android OS updates and, most importantly, five years of security patch releases is a big factor for me.
August 5, 2023 Samsung Galaxy Z Flip Security Update
Galaxy Z Flip 5, which at launch ran Android 13 and received the July 2023 security update, now has a UI version 5.1.1 and the August 2023 security update, so what will August 2023 do. Step 1 Security Patch Repair?
First, in order to protect as many devices as possible, as usual when a new security update is released, full and official technical information is not provided. However, after other devices received the August update earlier in the month, Samsung released changelog SMR-AUG-2023. A total of 86 vulnerabilities were found. A total of 51 weaknesses and vulnerabilities were found on the Android side and 35 other weaknesses and vulnerabilities were found on the Samsung side. As for SVE, only 19 are listed in the changelog, while Samsung says the rest are "currently unknown." You can check its own changelog (with corresponding CVE numbers) for a complete list of CVEs and SVEs, but three are rated critical in this update: CVE-2023-21629 CVE-2023-21629 is a
modem
. Memory corruption issue due to "double freedom when parsing PKCS15 sim file". According to the VulDB database listing for CVE-2023-21629, the vulnerability exploit “affects privacy. Integrity and Availability", but there are currently no publicly available exploits.
CVE-2023-21282 is a remote code execution issue that "does not require elevated execute privileges". What is required for successful exploitation, as is often the case with such vulnerabilities, is user interaction. Again, no publicly available exploit is currently known.
SVE-2023-0821
SVE-2023-0821 (CVE-2023-30699) is a remote code execution vulnerability in the libsimba library. This vulnerability is rated 9.8 out of 10.
How can I make sure my Samsung Galaxy Z Flip 5 has the latest security update?
Due to the fragmented nature of the Android ecosystem, software updates, including security updates, are not always delivered simultaneously. You can check if your Z Flip 5 is protected from new security vulnerabilities by going to Settings > Software Update. Click Download and Install and your Flip will make sure you're up to date. While in the software update settings, make sure to enable auto-download on Wi-Fi as it will download any updates as long as you are connected to a Wi-Fi network.
More from ForbesCritical Google Security Hole Patches Chrome Bumper Update 116by Dave Winder
