We recently reported that software updates released this month for several Samsung smartphones lacked the September 2017 Android security patch. The Galaxy Note 8, Galaxy S6 duo, Galaxy S5, and the Galaxy A5 (2016) received updates this month sans the September security patch. Yesterday, the Galaxy S7 received a new software update, and we found out that it contains the fix for the recently surfaced BlueBorne vulnerability.
The BlueBorne vulnerability allows remote hackers to gain complete control over a Bluetooth-enabled device even when it is not paired with the hacker's device or even set to discoverable mode. It can affect smartphones, tablets, PCs, and even IoT devices. The software update released for the Galaxy S7 contains a fix for this vulnerability. Samsung has also plugged this vulnerability with a software update for the Galaxy Note 8, Galaxy S5, and the Galaxy A5 (2016).
For other Android smartphones, a fix for the BlueBorne vulnerability was fixed with the September 2017 security patch, but Samsung has plugged the hole on its devices with the August 2017 security patch. These updates are included in firmware versions that include the letter ‘I' in the penultimate position (for example, G930FXXU1DQIC for the Galaxy S7 and N950FXXU1AQI1 for the Galaxy Note 8). The Galaxy S8 and the Galaxy S8+ haven't received this fix yet.
This is the reason why so many Galaxy phones haven't received the September 2017 Android security patch yet. Samsung was busy in rolling out updates to fix the BlueBorne vulnerability, but there's still a chance that the company would roll out the latest Android security patch. If that doesn't happen, the company is most likely to include all the September security fixes with the October security update and roll them out at once.