Samsung Galaxy J1 2016, Galaxy J3 2016 and Galaxy J1 Ace Neo Security Update Available

Three Galaxy J handsets are getting the latest February Android security patch, which fixed a Critical security vulnerability that could “enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.” The three devices that will be more protected with the new update are Galaxy J1 2016, Galaxy J3 2016 and Galaxy J1 Ace Neo.

The Galaxy J1 2016 owners will get the update as an OTA file with a build number J120FNXXU1AQB1, for the Galaxy J3 2016 rolls out version J320MUBU0AQB1, while the Galaxy J1 Ace Neo is getting the build number J111MUBU0AQB2. Users who haven’t received the update yet can manually check for it by going to Settings > About device > System Updates, and download the file only if the phone has over 50 percent battery life.

According to the change-log, February Android security patch addressed the following issues:

Critical:

• Remote code execution vulnerability in Surfaceflinger;
• Remote code execution vulnerability in Mediaserver;

High:

• Remote code execution vulnerability in libgdx;
• Remote code execution vulnerability in libstagefright;
• Elevation of privilege vulnerability in Java.Net;
• Elevation of privilege vulnerability in Framework APIs;
• Elevation of privilege vulnerability in Mediaserver;
• Elevation of privilege vulnerability in Audioserver;
• Information disclosure vulnerability in AOSP Mail;
• Information disclosure vulnerability in AOSP Messaging;
• Information disclosure vulnerability in Framework APIs;
• Denial of service vulnerability in Bionic DNS;

Moderate:

• Elevation of privilege vulnerability in Bluetooth;
• Information disclosure vulnerability in AOSP Messaging;
• Information disclosure vulnerability in Audioserver;
• Information disclosure vulnerability in Filesystem.

There are still some issues left that Google will need to fix in the next Android security patch:

Critical:

• Remote code execution vulnerability in Qualcomm crypto driver;
• Elevation of privilege vulnerability in kernel file system;
• Elevation of privilege vulnerability in NVIDIA GPU driver;
• Elevation of privilege vulnerability in kernel networking subsystem;
• Elevation of privilege vulnerability in Broadcom Wi-Fi driver;
• Vulnerabilities in Qualcomm components;

High:

• Elevation of privilege vulnerability in MediaTek driver;
• Elevation of privilege vulnerability in Synaptics touchscreen driver ;
• Elevation of privilege vulnerability in Qualcomm Secure Execution Environment Communicator driver;
• Elevation of privilege vulnerability in Qualcomm sound driver;
• Elevation of privilege vulnerability in Qualcomm Wi-Fi driver;
• Elevation of privilege vulnerability in Realtek sound driver;
• Elevation of privilege vulnerability in HTC touchscreen driver;
• Information disclosure vulnerability in NVIDIA video driver;

Moderate:

• Elevation of privilege vulnerability in Broadcom Wi-Fi driver;
• Elevation of privilege vulnerability in Audioserver;
• Elevation of privilege vulnerability in kernel file system;
• Information disclosure vulnerability in Qualcomm Secure Execution Environment Communicator ;
• Information disclosure vulnerability in Qualcomm sound driver.