Select Page

Download: G390FXXU2ARA4 | Galaxy Xcover 4 SM-G390F SFR France

Download: G390FXXU2ARA4 | Galaxy Xcover 4 SM-G390F SFR France

You’re going to download the Samsung Galaxy Xcover SM-G390F Firmware G390FXXU2ARA4 Android 7.0 Nougat.

Samsung is rolling out the January 2018 security update for the Galaxy Xcover based on Android 7.0 Nougat, and you can download this Stock Firmware Update for your Galaxy Xcover here from the current page.

The January 2018 Security Patch Update brings fixes for some issues such as critical vulnerabilities that detected in the Android OS as well as scores of moderate-risk and high-risk vulnerabilities. You can check the details of the G390FXXU2ARA4 January 2018 Security Update Changelog at the bottom of this page.

Download the firmware update for the Samsung Galaxy Xcover SM-G390F. Product Code for this firmware is SFR and it’s from Country/ Carrier France. The PDA Version of this Firmware is G390FXXU2ARA4 and CSC is G390FOXJ2ARA1. The Android Version is 7.0 Nougat. The changelist for this firmware is 12962328, build date is 26.01.2018 and the Security patch level date is 01.01.2018.

WARNING: This Stock Firmware Update released only for Samsung Galaxy Xcover SM-G390F, so do NOT try it in another Model number even if it has the same Device's name. Flashing wrong Firmware with Odin Tool or any other tools will brick you Android Phone, so you are the only one who responsible for that (We are NOT).

Model Name SAMSUNG Galaxy Xcover
Model Number SM-G390F
Country/ Carrier France
Region Code SFR
Android Version Android 7.0 Nougat
Changelist 12962328
Build Date 26.01.2018
Security Patch Level


Samsung Galaxy Xcover SM-G390F Stock Firmware Download

Download Page1 Download Page2

More Stock Firmware Updates for SM-G390F

Samsung Galaxy Xcover Review Video

Feel Free to Share this Firmware Update with your Friends.

How to Flash the Firmware Update With Odin Flashing Tool?

Brief instructions about Firmware Flashing

– Extract (unzip) the firmware file that you have downloaded.
– Download Odin Flashing Tool.
– Extract Odin ZIP file.
– Open Odin Flashing Tool.
– Reboot your Phone in Download Mode (press and hold Home + Power + Volume Down buttons).
– Connect your phone to the PC and wait until you get a blue sign in Odin.
– Add the firmware file to AP / PDA.
– Make sure re-partition option is not ticked.
– Click the start button, and wait few minutes.

Follow this tutorial for detailed and Step-by-step instructions.

Samsung January 2018 Security Patch Update Details (SMR-JAN-2018)

Along with Google patches, Samsung Mobile provides 13 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Jan-2018 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.

Note: In response to the disclosure of Meltdown and Spectre vulnerabilities (CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754), Samsung is adding patch for CVE-2017-13218, which is provided by Google and effectively mitigates all three related CVE’s. Samsung security index (SSI) of SMR Jan-2018 Release MS includes patch for CVE-2017-13218, in addition to all patches in SMR Jan-2018 Release 1.

SVE-2017-10599:vnswap Heap overflow via store function

Severity: Low
Affected versions: L(5.x), M(6.x), N(7.x)
Reported on: September 10, 2017
Disclosure status: Privately disclosed.
Lack of boundary checking in vnswap can lead to arbitrary write with privilege escalation.
The patch prevents from writing arbitrary data over the limit of buffer.

SVE-2017-9995:Vulnerability in S8’s InputMethodManagerService

Severity: Low
Affected versions: N(7.x)
Reported on: August 16, 2017
Disclosure status: Privately disclosed.
Device can be rebooted by calling unprotected system service.
The patch prevents a device from rebooting by checking caller’s package name,service name and uid.

SVE-2017-10732:Arbitrary code execution in bootloader via Integer overflow

Severity: Critical
Affected versions: N(7.x) on MT6755/MT6757 models (Mediatek)
Reported on: October 18, 2017
Disclosure status: Privately disclosed.
It is possible to make arbitrary code execution in Bootloader by integer overflow in download offset control.
The patch prevents integer overflow by checking the size value.

SVE-2017-10745:Buffer overflow in exynos chipset

Severity: Critical
Affected versions: All on S.LSI modem chipset
Reported on: November 3, 2017
Disclosure status: Privately disclosed.
There is a buffer overflow issue in the Exynos modem chipset and resulting in a possible baseband exploit.
The patch prevents the baseband exploit by checking the length and IEvalidation on session management module.

SVE-2017-10638:Information disclosure on Trustlet

Severity: Low
Affected versions: M(6.x), N(7.x) on Qualcomm chipsets
Reported on: September 29, 2017
Disclosure status: Privately disclosed.
A session information of trustlet is logged in user binary.
The patch prevents from printing a log which includes session information of the trustlet.

SVE-2017-10733:Stack overflow in Trustlet

Severity: Critical
Affected versions: N(7.x) on Exynos Chipsets
Reported on: September 15, 2017
Disclosure status: Privately disclosed.
A vulnerability allows an attacker to obtain pin/password/pattern lock screen data with system privileges via brute force attack.
The patch prevents arbitrary code execution in TEE using stack overflow attack.

SVE-2017-10906:System Crash via abnormal exception handling

Severity: Low
Affected versions: M(6.x), N(7.x)
Reported on: November 2, 2017
Disclosure status: Privately disclosed.
There is no proper exception handling in Telecom’s activity and it can make system crash via arbitrary calling component.
The patch applies proper exception handling to prevent system crash.

SVE-2017-10885:Sending Malicious ATCMD via DeviceTest application

Severity: Critical
Affected versions: M(6.x), N(7.x)
Reported on: November 18, 2017
Disclosure status: Privately disclosed.
Malicious AT Command can be executed with DeviceTest via NFC Tag from malicious application.
The patch prevents from executing malicious AT command in officially released binary with restriction to handle the command only in Factory binary.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

See Full details about January 2018 Security Patch Update here.

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.