July 17, 2023

Samsung & Android Security Fixes

Man holding a phone with android logo on the front.

Lookout Coverage and Recommendation for Admins

Lookout provides multilayered protection for devices that are exploitable through multiple vectors and could be compromised. To ensure your devices aren’t exposed to the vulnerabilities listed above, please ensure that these devices have their security patch levels updated. Samsung fixes were in 2021 security fixes and the rest of the exploited vulnerability list is fixed in Android’s July security patch level. Lookout highly recommends keeping security patch level updates on auto update. The other manufacturer’s are following up on releasing their security fixes and those should be applied to devices as soon as they are available.

Lookout admins should set default Out of Date SPL policy to have a minimum security patch level of July 2023. They can then choose whether to advise or alert the user that the device is out of compliance or block access to enterprise resources until security patch level is updated.

They can also utilise the escalation feature to auto update the severity, if not updated.

CISA is requiring all government organizations to update to the patched versions of Samsung devices by July 20th, 2023. The Android update must be applied by July 28th, 2023.


CISA announced 7 actively exploited vulnerabilities recently which were fixed by the vendors over the time. The first set refers to the software vulnerabilities affecting Samsung devices while the second set belongs to all Android devices.

Samsung specific vulnerabilities (also part of CISA guidelines to fix by July 20th, 2023):

  1. CVE-2021-25487: High severity, Out-of-bounds read vulnerability, leads to arbitrary code execution, fixed in Oct’21.
  2. CVE-2021-25489: Low severity, format string bug in modem interface driver, fixed in October 2021
  3. CVE-2021-25394 and CVE-2021-25395: Medium severity, use after free bugs in MFC charger driver, fixed in May’21
  4. CVE-2021-25371: Medium severity, allows attacker to load arbitrary ELF files inside DSP driver, fixed in Mar’21
  5. CVE-2021-25372: Medium severity, out-of-bounds access vulnerability in DSP driver, fixed in Mar’21

Android released two new security patch releases in July covering 3 actively exploited vulnerabilities amongst 46 new software security fixes. The three actively exploited ones are:

  1. CVE-2023-26083: memory leak bug with known instances of exploit in Samsung devices (part of CISA guidelines to fix by July 28th, 2023)
  2. CVE-2021-29256: use after free vulnerability allowing attacker to gain root privileges and gather sensitive data
  3. CVE-2023-2136: A critical severity Google Skia bug which was also addressed in Google Chrome April release

Lookout Analysis

All the vulnerabilities listed above are something which have been found to be actively exploited. While the Samsung fixes were available to the devices in March to October 2021 releases, the two android security patches were released in July 2023 fixing 46 software vulnerabilities of varying severity. Aside from the 3 listed above, the fixes also include a few other notable ones like CVE- 2023-21250, affecting the Android System component, which can cause remote code execution without user interaction or additional execution privileges, making it particularly precarious.



Cloud & Endpoint Security

Lookout is a cybersecurity company that makes it possible for tens of millions of individuals, enterprises and government agencies to be both mobile and secure. Powered by a dataset of virtually all the mobile code in the world -- 40 million apps and counting -- the Lookout Security Cloud can identify connections that would otherwise go unseen and predict and stop mobile attacks before they do harm. The world’s leading mobile network operators, including AT&T, Deutsche Telekom, EE, KDDI, Orange, Sprint, T-Mobile and Telstra, have selected Lookout as its preferred mobile security solution. Lookout is also partnered with such enterprise leaders as AirWatch, Ingram Micro, Microsoft, and MobileIron. Headquartered in San Francisco, Lookout has offices in Amsterdam, Boston, London, Sydney, Tokyo, Toronto and Washington, D.C.

Platform(s) Affected
Entry Type
Threat Guidances
Threat Type
Platform(s) Affected
Threat Guidances
A person with a prosthetic arm working on a computer

Identify and Prevent Threats with Lookout Threat Advisory

Stop Cyberattacks Before They Start With Industry-Leading Threat Intelligence.

Lookout Threat Advisory offers advanced mobile threat intelligence, leveraging millions of devices in our global network and top security research insights to protect your organization.