Security Updates

  • Samsung Visual Display is releasing Security Vulnerability Patch (SVP).

    Note: If your TV uses the default update settings, the latest firmware will have been automatically installed. Also, you can download new version of firmware on https://www.samsung.com.
    • How to check update setting: [Menu] -> [Support] ->[Software Update] -> Auto Update=ON.
    • How to check Software Name: [Menu] -> [Support] ->[About This TV].
    • Delivery time of security patches may vary depending on the regions and models.
    • SVE-2020-50136
      • Weakness: Remove vulnerable fuction in nodejs.
      • Patch information: The patch removes vulnerable function.
      • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
        20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)

      SVE-2021-50001
      • Weakness: buffer overflow patch on tz-playerservice.
      • Patch information: The patch adds proper check.
      • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
        20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
    • SVE-2021-50015, SVE-2021-50016, SVE-2021-50017
      • Weakness: opensource vulnerability patch.
      • Patch information: The official patch addressed the issue.
      • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
        20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
        21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUABC)

      SVE-2020-50175
      • Weakness: Remove vulnerable TVkey code.
      • Patch information: The patch removes vulnerable code.
      • Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
        21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUABC)
    • SVE-2020-50168, SVE-2020-50169
      • Weakness: Type confusion vulnerabilities exist in V8.
      • Patch information: The official patch addressed the issue.
      • Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
    • SVE-2020-50021
      • Weakness: Out-of-bounds access vulnerabilities exist in V8.
      • Patch information: The official patch addressed the issue.
      • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)

      SVE-2019-50128
      • Weakness: A vulnerability on JS API allows a attacker to read arbitrary files within the system.
      • Patch information: The patch adds proper permission check.
      • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)

      SVE-2020-50036, SVE-2020-50037
      • Weakness: Out-of-bounds access vulnerabilities exist in kernel driver.
      • Patch information: The patch deletes unused functions.
      • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)

      SVE-2020-50024
      • Weakness: Vulnerabilities allow unauthorized users to control the application.
      • Patch information: The patch adds proper check.
      • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)

    • SVE-2020-50036, SVE-2020-50037
      • Weakness: Out-of-bounds access vulnerabilities exist in kernel driver.
      • Patch information: The patch deletes unused functions.
      • Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)

      SVE-2020-50024
      • Weakness: Vulnerabilities allow unauthorized users to control the application.
      • Patch information: The patch adds proper check.
      • Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)

    • SVE-2020-50021
      • Weakness: Out-of-bounds access vulnerabilities exist in V8.
      • Patch information: The official patch addressed the issue.
      • Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)

      SVE-2019-50078, SVE-2019-50085, SVE-2019-50086
      • Weakness: Possible heap overflow vulnerabilities exist in the drm driver.
      • Patch information: The patch adds the proper validation of the parameter.
      • Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)

      SVE-2019-50109
      • Weakness: A possible memory leak vulnerability exists in FreeRDP.
      • Patch information: Official patches will be applied.
      • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)

      SVE-2019-50128
      • Weakness: A vulnerability on JS API allows a attacker to read arbitrary files within the system.
      • Patch information: The patch adds proper permission check.
      • Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)

    • SVE-2018-50072
      • Weakness: Double free vulnerability exists in Linux Kernel.
      • Patch information: Official patches have applied .
      • Update Models: 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)

    • SVE-2019-50052, SVE-2019-50055
      • Weakness: Type confusion vulnerabilities exist in V8.
      • Patch information: Official patches have applied.
      • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)

      SVE-2019-50054
      • Weakness: An improper verification of return value in V8 could lead to object corruption.
      • Patch information: Official patches have applied.
      • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)

      SVE-2019-50057, SVE-2019-50061
      • Weakness: Integer overflow vulnerabilities exist in V8.
      • Patch information: Official patches have applied.
      • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)

      SVE-2019-50058, SVE-2019-50059, SVE-2019-50060
      • Weakness: Out-of-bounds access vulnerabilities exist in V8.
      • Patch information: Official patches have applied.
      • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)

      SVE-2019-50070
      • Weakness: Type confusion vulnerabilities exist in V8.
      • Patch information: Official patches have applied.
      • Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)

    • SVE-2019-50017
      • Weakness: Insufficient permission check in SDB allows unauthorized users to get application`s information.
      • Patch information: Permission check logic for debug commands has improved.
      • Update Models: 15 year models (T-HKPAKUC, T-HKMFAKUC, T-HKPDEUC, T-HKMFDEUC, T-HKPUABC, T-HKMFUABC, T-HKPDCNC, T-HKMAKUC, T-HKM6AKUC, T-HKMDEUC, T-HKM6DEUC, T-HKMUABC, T-HKM6UABC, T-HKMDCNC, T-HKM6DCNC, T-HKMDEUC, T-HKM6DEUC, T-HKMFDEUC, T-HKMDEUC, T-HKM6DEUC, T-HKMFDEUC)

      SVE-2018-50072
      • Weakness: Double free vulnerability exists in Linux Kernel.
      • Patch information: Official patches have applied.
      • Update Models: 15 year models (T-HKPAKUC, T-HKMFAKUC, T-HKPDEUC, T-HKMFDEUC, T-HKPUABC, T-HKMFUABC, T-HKPDCNC, T-HKMAKUC, T-HKM6AKUC, T-HKMDEUC, T-HKM6DEUC, T-HKMUABC, T-HKM6UABC, T-HKMDCNC, T-HKM6DCNC, T-HKMDEUC, T-HKM6DEUC, T-HKMFDEUC, T-HKMDEUC, T-HKM6DEUC, T-HKMFDEUC)

    • SVE-2017-50246
      • Weakness: Ginga-NCL application with malicious Lua code allow remote code execution.
      • Patch information: The patch prevents lua bytecode execution.
      • Update Models: 18 year models only ISDB (T-KTM2UABC, T-KTM2LUABC, T-KTSUUABC, T-KTSNUABC), 17 year models only ISDB (T-KTMUABC, T-KTSUABC)

      SVE-2019-50032
      • Weakness: Use-After-Free vulnerability exists in Linux kernel.
      • Patch information: Official patches have applied.
      • Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)

      SVE-2019-50020
      • Weakness: Integer overflow vulnerability in SQLite could allow remote attackers to execute arbitrary code.
      • Patch information: Official patches have applied.
      • Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)

      SVE-2019-50070
      • Weakness: Type confusion in V8.
      • Patch information: Official patches have applied.
      • Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)

      SVE-2019-50017
      • Weakness: Insufficient permission check in SDB allows unauthorized users to get application`s information.
      • Patch information: Permission check logic for debug commands has improved.
      • Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)

    • SVE-2019-50017
      • Weakness: Insufficient permission check in SDB allows unauthorized users to get application`s information.
      • Patch information: Permission check logic for debug commands has improved.
      • Update Models: 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)

    • SVE-2019-50019
      • Weakness: Type confusion vulnerability in V8 could allow a remote attacker to potentially exploit heap corruption.
      • Patch information: Official patches have applied
      • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)

      SVE-2019-50020
      • Weakness: Integer overflow vulnerability in SQLite could allow remote attackers to execute arbitrary code.
      • Patch information: Official patches have applied
      • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)

      SVE-2019-50027
      • Weakness: Use-After-Free vulnerability in FileReader could allow a remote attacker to potentially perform out of bounds memory access.
      • Patch information: Official patches have applied
      • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)

      SVE-2019-50032
      • Weakness: Use-After-Free vulnerability exists in Linux kernel.
      • Patch information: Official patches have applied
      • Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)

    • SVE-2019-50022
      • Weakness: A possible Integer Truncation in FreeRDP could lead to a Heap-Based Buffer Overflow.
      • Patch information: The official patch addressed the issue.
      • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)

      SVE-2019-50023
      • Weakness: A possible Integer Overflow in FreeRDP could lead to a Heap-Based Buffer Overflow.
      • Patch information: The official patch addressed the issue.
      • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)

      SVE-2019-50024
      • Weakness: A possible several Out-Of-Bounds Read vulnerabilities in FreeRDP NTLM Authentication module.
      • Patch information: The official patch addressed the issue.
      • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)

      SVE-2019-50017
      • Weakness: Insufficient permission check in SDB allows unauthorized users to get application`s information.
      • Patch information: Permission check logic for debug commands has improved.
      • Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)

    • SVE-2019-50022
      • Weakness: Symlink race vulnerability on auto start script could lead to privilege escalation.
      • Patch information: The patch add proper validation logic for file type.
      • Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)

    • SVE-2018-50056
      • Weakness: Malicious cloud apps could be launched through Smartview websocket API.
      • Patch information: The patch removes unused code.
      • Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC ), 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)

      SVE-2018-50036
      • Weakness: Use-after-free vulnerability exist in webkit.
      • Patch information: The official patch addressed the issue.
      • Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC), 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)

      SVE-2018-50072
      • Weakness: Double-free vulnerability exist in Linux kernel.
      • Patch information: The official patch addressed the issue.
      • Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC), 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)

    • SVE-2018-50016
      • Weakness: A possible command Injection vulnerability exists on sdbd.
      • Patch information: The patch adds the proper validation logic.
      • Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)

      SVE-2018-50017, SVE-2018-50019
      • Weakness: A possible buffer overflow and memory leak vulnerabilities exist on sdbd.
      • Patch information: The patch adds proper validation logic and pointer handling.
      • Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)

      SVE-2018-50027, SVE-2018-50028, SVE-2018-50032
      • Weakness: A possible remote control attack when a desktop or mobile device in the same network with TV accesses a malicious phishing site.
      • Patch information: The patch enhances the CORS rule and adds authentication and encryption on remote control API.
      • Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)

      SVE-2016-50069, SVE-2017-50272
      • Weakness: Improper permission for files within USB driver could lead to privilege escalation.
      • Patch information: The patch adds several options when mounting usb driver.
      • Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)

      SVE-2017-50219
      • Weakness: Command injection when calling the dbus method could cause privilege escalation.
      • Patch information: The patch adds the proper validation logic.
      • Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)

    • SVE-2016-50069, SVE-2017-50272
      • Weakness : Improper permission for files within USB driver could lead to privilege escalation.
      • Patch information : The patch adds several options when mounting usb driver.
      • Update Models: 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)

      SVE-2017-50219
      • Weakness : Command injection when calling the dbus method could cause privilege escalation.
      • Patch information : The patch adds the proper validation logic.
      • Update Models: 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)

      SVE-2017-50075, SVE-2017-50281, SVE-2017-50282
      • Weakness : Malicious cloud apps could be launched through Smartview API
      • Patch information : The patch adds proper validation logic
      • Update Models: 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)

      SVE-2017-50116
      • Weakness : A vulnerability on webkit can lead to memory corruption.
      • Patch information : The patch adds exception handling.
      • Update Models : 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)

      SVE-2017-50163
      • Weakness : XML External Entity Injection on a web application.
      • Patch information : The patch disables the external entity.
      • Update Models : 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)

      SVE-2017-50136
      • Weakness : A vulnerability in tzdemuxerservice caused memory corruption in TrustZone.
      • Patch information : The patch adds the proper validation of the parameter.
      • Update Models : 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)

      SVE-2017-50257
      • Weakness : Unauthorized contents can be played in a special case.
      • Patch information : The patch adds proper session management.
      • Update Models : 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)

      SVE-2018-50043
      • Weakness : The privacy issue of the Login with Facebook.
      • Patch information : The patch remove the 'Login with Facebook' function.
      • Update Models : 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)

    • SVE-2018-50027, SVE-2018-50028, SVE-2018-50032
      • Weakness : A possible remote control attack when a desktop or mobile device in the same network with TV accesses a malicious phishing site.
      • Patch information : The patch enhances the CORS rule and adds authentication and encryption on remote control API.
      • Update Models : 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)

      SVE-2018-50043
      • Weakness : The privacy issue of the Login with Facebook.
      • Patch information : The patch remove the 'Login with Facebook' function.
      • Update Models : 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC), 17 year products (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)

      SVE-2017-50163
      • Weakness : XML External Entity Injection on a web application could allow a attacker to read arbitrary files within the system.
      • Patch information : The patch disables the external entity.
      • Update Models : 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)

      SVE-2017-50136
      • Weakness : A vulnerability in tzdemuxerservice could cause memory corruption in TrustZone.
      • Patch information : The patch adds the proper validation of the parameter.
      • Update Models : 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)

    • SVE-2017-50250
      • Weakness : A possible replay attack on a WPA2-enabled network.
      • Patch information : The official patch addressed the issue.
      • Update Models : 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)