Updates
Samsung January 2023 update patches 20 dangerous SVEs as well
Today, Samsung released the January 2023 security patch details for Galaxy devices. Alongside the Andorid patches by Google, Samsung patches 20 SVEs through the January 2023 update. This complete security OTA package ensures Galaxy customers’ confidence in security.
Follow Sammy Fans on Google News
The South Korean tech giant disclosed that the “SMR January 2023 Release 1” comes with all patches from Samsung and Google. Since the company already patched some SVEs with previous firmware updates, those may not be included in this latest package.
Join Sammy Fans on Telegram
It’s worth mentioning that the January 2022 patch brings fixes for 52 high levels of CVEs for Android devices. Google has not listed any critical or moderate level of CVE in its Android security bulletin, which is applicable on Samsung devices as well.
Samsung January 2023 patches
Below, you can check what SVE items are getting patched with the January 2023 software update on Samsung devices. The details include the given identity (CVE/SVE) of the threat, severity level, affected Android versions, report date, disclosure status and impact prior disclosure.
1. SVE-2022-2537(CVE-2023-21430): An out-of-bound read vulnerability in libSDKRecognitionText.spensdk.samsung.so library
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: October 24, 2022
- Disclosure status: Privately disclosed
- An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Jan-2023 Release 1 allows attacker to cause memory access fault.
- The patch adds proper boundary check logic to prevent out-of-bound access.
2. SVE-2022-2338(CVE-2023-21429): Implicit intent hijacking vulnerability in ePDG
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: September 20, 2022
- Disclosure status: Privately disclosed
- Improper usage of implicit intent in ePDG prior to SMR Jan-2023 Release 1 allows attacker to access SSID.
- The patch change the implicit intent to explicit intent.
3. SVE-2022-2320(CVE-2023-21428): Improper input validation vulnerability in TelephonyUI
- Severity: Moderate
- Affected versions: R(11), S(12), T(13)
- Reported on: September 19, 2022
- Disclosure status: Privately disclosed
- Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call.
- The patch removes unused code.
4. SVE-2022-2280(CVE-2023-21427): Improper access control vulnerabilities in NfcTile
- Severity: Moderate
- Affected versions: R(11), S(12), T(13)
- Reported on: September 15, 2022
- Disclosure status: Privately disclosed
- Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition.
- The patch adds proper permission in NfcTile to prevent unauthorized access.
5. SVE-2022-2278(CVE-2023-21426): Hardcoded encryption key vulnerability in NFC
- Severity: Moderate
- Affected versions: Select Q(10) devices
- Reported on: September 15, 2022
- Disclosure status: Privately disclosed
- Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.
- The patch adds proper usage of random private key api to prevent key exposure.
6. SVE-2022-2261(CVE-2023-21425): Improper access control vulnerability in telecom application
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: September 15, 2022
- Disclosure status: Privately disclosed
- Improper access control vulnerability in telecom application prior to SMR Jan-2023 Release 1 allows local attackers to get sensitive information.
- The patch adds proper access control logic to prevent sensitive information leakage.
7. SVE-2022-2118(CVE-2023-21424): Improper Authorization vulnerability in SemChameleonHelper
- Severity: Moderate
- Affected versions: R(11), S(12), T(13)
- Reported on: September 3, 2022
- Disclosure status: Privately disclosed
- Improper handling of insufficient permissions or privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.
- The patch restricts privilege of the app that calls SemChameleonHelper in Telephony.
8. SVE-2022-1967(CVE-2023-21423): Improper authorization vulnerability in ChnFileShareKit
- Severity: Moderate
- Affected versions: S(12), T(13)
- Reported on: August 17, 2022
- Disclosure status: Privately disclosed
- Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.
- The patch adds proper permission.
9. SVE-2022-1931(CVE-2023-21422): Improper authorization vulnerability in WifiSevice
- Severity: Moderate
- Affected versions: R(11), S(12)
- Reported on: August 14, 2022
- Disclosure status: Privately disclosed
- Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService.
- The patch adds permission check logic when call the service API.
10. SVE-2022-1672(CVE-2023-21421): Improper Handling of Insufficient Permissions or Privileges vulnerability in Knox Service
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: July 14, 2022
- Disclosure status: Privately disclosed
- Improper handling of insufficient permissions or privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.
- The patch adds proper signature check in KnoxCustomManagerService to prevent unauthorized access.
11. SVE-2022-1364(CVE-2023-21420): Use of Externally-Controlled Format String vulnerabilities in STST TA
- Severity: High
- Affected versions: Q(10), R(11) devices with Teegris
- Reported on: June 3, 2022
- Disclosure status: Privately disclosed
- Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.
- The patch restricts the triggering for the print of externally controlled format string code.
12. SVE-2022-0471(CVE-2023-21419): A vulnerability in Secure Folder
- Severity: Moderate
- Affected versions: S(12)
- Reported on: February 28, 2022
- Disclosure status: Privately disclosed
- An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition.
- The patch adds restriction that lock the SecureFolder container when PIP is closed.
Samsung is rolling out a new update for the Galaxy S20, Galaxy S20 Plus, and Galaxy S20 Ultra, which comes with a big-size installation package of 1.3GB. The update installs the August 2023 security patch to improve system security.
However, the changelog of this update does not include any new feature or change except system security maintenance, stability optimizations, and bug fixes. Moreover, it updates several stock apps including Samsung Notes Add-ons, Galaxy Wearable, Kids, Notes, Health, SmartThing, Members, Wallet, Calculator, and Smart Switch to the latest version.
Users of the Samsung Galaxy S20 series can identify this massive update through One UI build version G98xU1UEU6HWHD. The update is currently rolling out for unlocked models in the US.
To install this update, you just need to visit Galaxy Store >> Software Updates >> Download and install.
Thanks for the tip! BrayhanRD😊
Samsung is pushing a new update with the September 2023 security update for the Galaxy S23, Galaxy S23 Plus, and Galaxy S23 Ultra smartphones in Brazil. This update is already available in the US, Canada, and Europe.
September 2023 security update for the Galaxy S23 series comes in Brazil with the One UI build version mentioned below.
- Galaxy S23 – S911BXXS3AWI3
- Galaxy S23 Plus – S916BXXS3AWI3
- Galaxy S23 Ultra – S918BXXS3AWI3
Users will have to download around 331.46MB package to install the update. The latest firmware fixes over 60 flaws found in smartphones and tablets in the previous version. The update improves the device’s system security, stability, and overall performance.
However, this update does not include any new feature or change. The update is rolling out gradually, so reaching all eligible devices may take some time. You can install the latest update through Settings >> Software Update >> Download and install.
September 2023 is going on and Samsung is sending a new update with a big package size for the Galaxy M52 smartphone. The update is currently rolling out in India and the company will soon make it available for all models.
The latest update brings an August 2023 security patch that mainly focuses on improving the security of your phone to keep your private files and data safe on your device. In addition, it optimizes system stability so that you can get seamless and uninterrupted functionality on your device.
The new update released in September 2023 for the Samsung Galaxy M52 smartphone can be identified through One UI build version M526BXXU3CWH4 and a huge package size of around 1.3GB.
The package size of this update is big so it is expected to bring new features and enhancements, however, the company hasn’t mentioned anything in the changelog but you may notice changes after installing the latest software. Furthermore, several apps will be updated to the latest version after the software update.
If you have a Galaxy M52 smartphone then, you can download the new update by navigating to Settings >> Software update >> Download and install option.
Samsung Galaxy M52 1.3GB Update – India #Samsung #gaalxym52 pic.twitter.com/WO0k0lCnkn
— Samsung Software Updates (@SamsungSWUpdate) September 21, 2023