Download G950U1UES3CRE2 for SM-G950U1 (AT&T)

Brief instructions about Firmware Flashing

– Extract (unzip) the firmware file that you have downloaded.

– Download Odin Flashing Tool.

– Extract Odin ZIP file.

– Open Odin Flashing Tool.

– Reboot your Phone in Download Mode (press and hold Home + Power + Volume Down buttons).

– Connect your phone to the PC and wait until you get a blue sign in Odin.

– Add the firmware file to AP / PDA.

– Make sure re-partition option is not ticked.

– Click the start button, and wait few minutes.

Follow this tutorial for detailed and Step-by-step instructions.

Along with Google patches, Samsung Mobile provides 7 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR May-2018 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.

SVE-2018-11552: Bootloader not to check an integrity of specially system image

Severity: High
Affected versions: N(7.x), O(8.0) devices with MSM8998 and SDM845 chipset
Reported on: February 24, 2018
Disclosure status: Publicly disclosed.
There was a vulnerability within the verification of Qualcomm MSM8998 and SDM845 bootloader and it may allow an attacker to bypass secure boot given the attacker gains root privilege.
The patch has been applied to properly check the integrity of system image.

SVE-2018-11633: Theft of arbitrary files leading to emails and email accounts takeover

Severity: Moderate
Affected versions: M(6.0)
Reported on: February 11, 2018
Disclosure status: Privately disclosed.
This vulnerability allows an attacker to gain information of email by calling unprotected intent.
The patch sanitized files not to expose email information.

SVE-2018-11358: Out of Bounds access vulnerability in kernel driver

Severity: Low
Affected versions: M(6.0), N(7.x), O(8.0) devices with Exynos chipset
Reported on: February 19, 2018
Disclosure status: Privately disclosed.
Assuming root privilege is achieved, this vulnerability allows an attacker to gain an Out Of Bounds Read/Write leading to possible arbitrary code execution.
The patch removed the part of code related to Out Of Bounds access.

SVE-2017-10897: NFC activated by magnet

Severity: Low
Affected versions: N(7.0)
Reported on: September 14, 2017
Disclosure status: Privately disclosed
The vulnerability allows NFC activation to bypass lockscreen when a magnet is close to a specific point of device.
The patch disabled NFC activation in such event.

SVE-2018-11599: Buffer Overflow in Trustlet

Severity: Critical
Affected versions: O(8.0) devices with Exynos chipset
Reported on: March 20, 2018
Disclosure status: Privately disclosed.
Buffer overflow vulnerability exist in trustlet.
The patch prevented a buffer overflow by using a verified size.

SVE-2018-11600: Information disclosure on Trustlet

Severity: Moderate
Affected versions: O(8.0)
Reported on: March 20, 2018
Disclosure status: Privately disclosed.
The address information of trustlet is logged.
The patch deleted all logs related to address information of trustlet.

SVE-2017-10748: Accessing the Clipboard content using Edge panel(Clipboard Edge) without unlocking the Phone

Severity: High
Affected versions: N(7.x), O (8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8)
Reported on: October 27, 2017
Disclosure status: Privately disclosed.
The clipboard edge content can be leaked with attackers without any of user authentication.
The patch adds protection to hide clipboard contents immediately when device is locked.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

See Full details about May, 2018 Security Patch Update here.