October SMR includes patches from Google, which affect Galaxy 10 users as well as those with earlier devices from Samsung. There are also a whole bunch of vulnerabilities that specifically impact Galaxy 8 and Galaxy 9 device users. Amongst these, there is a Galaxy 9 vulnerability that is rated as being critical: SVE-2019-15435. This affects both the Galaxy S9 and Note 9, although details are sketchy as to the exact technical nature of the vulnerability as it has been “privately disclosed” to protect users until patches are installed. With around 30 million Galaxy 9 smartphones sold, and another 10 million Galaxy Note 9 devices, that’s a potential 40 million users who need to take notice of this warning.
What is known about SVE-2019-15435? As I say, not a lot. The only information that Samsung has published is as follows: “Enhancement in IMEI security mechanism is required for improved protection against potential IMEI manipulation.” It has been suggested this relates to a method of circumventing the IMEI blacklist which prevents stolen devices from being easily resold. Anything that gets around this kind of protection makes the devices involved more attractive to criminals who could get a better profit by selling them on with a “clean” IMEI number.
