Samsung January 2023 update patches 20 dangerous SVEs as well
Today, Samsung released the January 2023 security patch details for Galaxy devices. Alongside the Android patches by Google, Samsung patches 20 SVEs through the January 2023 update. This complete security OTA package ensures Galaxy customers’ confidence in security.
The South Korean tech giant disclosed that the “SMR January 2023 Release 1” comes with all patches from Samsung and Google. Since the company already patched some SVEs with previous firmware updates, those may not be included in this latest package.
It’s worth mentioning that the January 2022 patch brings fixes for 52 high-severity CVEs for Android devices. Google has not listed any critical or moderate-severity CVEs in its Android security bulletin, which applies to Samsung devices as well.
Samsung January 2023 patches
Below, you can check what SVE items are getting patched with the January 2023 software update on Samsung devices. The details include the given identity (CVE/SVE) of the threat, severity level, affected Android versions, report date, disclosure status and impact prior disclosure.
1. SVE-2022-2537(CVE-2023-21430): An out-of-bound read vulnerability in libSDKRecognitionText.spensdk.samsung.so library
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: October 24, 2022
- Disclosure status: Privately disclosed
- An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Jan-2023 Release 1 allows attacker to cause memory access fault.
- The patch adds proper boundary check logic to prevent out-of-bound access.
2. SVE-2022-2338(CVE-2023-21429): Implicit intent hijacking vulnerability in ePDG
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: September 20, 2022
- Disclosure status: Privately disclosed
- Improper usage of implicit intent in ePDG prior to SMR Jan-2023 Release 1 allows attacker to access SSID.
- The patch changes the implicit intent to an explicit intent.
3. SVE-2022-2320(CVE-2023-21428): Improper input validation vulnerability in TelephonyUI
- Severity: Moderate
- Affected versions: R(11), S(12), T(13)
- Reported on: September 19, 2022
- Disclosure status: Privately disclosed
- Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call.
- The patch removes unused code.
4. SVE-2022-2280(CVE-2023-21427): Improper access control vulnerabilities in NfcTile
- Severity: Moderate
- Affected versions: R(11), S(12), T(13)
- Reported on: September 15, 2022
- Disclosure status: Privately disclosed
- Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows an attacker to use NFC without user recognition.
- The patch adds proper permission in NfcTile to prevent unauthorized access.
5. SVE-2022-2278(CVE-2023-21426): Hardcoded encryption key vulnerability in NFC
- Severity: Moderate
- Affected versions: Select Q(10) devices
- Reported on: September 15, 2022
- Disclosure status: Privately disclosed
- Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.
- The patch adds proper usage of the random private key API to prevent key exposure.
6. SVE-2022-2261(CVE-2023-21425): Improper access control vulnerability in telecom application
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: September 15, 2022
- Disclosure status: Privately disclosed
- Improper access control vulnerability in telecom application prior to SMR Jan-2023 Release 1 allows local attackers to get sensitive information.
- The patch adds proper access control logic to prevent sensitive information leakage.
7. SVE-2022-2118(CVE-2023-21424): Improper Authorization vulnerability in SemChameleonHelper
- Severity: Moderate
- Affected versions: R(11), S(12), T(13)
- Reported on: September 3, 2022
- Disclosure status: Privately disclosed
- Improper handling of insufficient permissions or privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.
- The patch restricts privilege of the app that calls SemChameleonHelper in Telephony.
8. SVE-2022-1967(CVE-2023-21423): Improper authorization vulnerability in ChnFileShareKit
- Severity: Moderate
- Affected versions: S(12), T(13)
- Reported on: August 17, 2022
- Disclosure status: Privately disclosed
- Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.
- The patch adds proper permission.
9. SVE-2022-1931(CVE-2023-21422): Improper authorization vulnerability in WifiService
- Severity: Moderate
- Affected versions: R(11), S(12)
- Reported on: August 14, 2022
- Disclosure status: Privately disclosed
- Improper authorization vulnerability in semAddPublicDnsAddr in WifiService prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService.
- The patch adds permission check logic when calling the service API.
10. SVE-2022-1672(CVE-2023-21421): Improper Handling of Insufficient Permissions or Privileges vulnerability in Knox Service
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: July 14, 2022
- Disclosure status: Privately disclosed
- Improper handling of insufficient permissions or privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.
- The patch adds proper signature check in KnoxCustomManagerService to prevent unauthorized access.
11. SVE-2022-1364(CVE-2023-21420): Use of Externally-Controlled Format String vulnerabilities in STST TA
- Severity: High
- Affected versions: Q(10), R(11) devices with Teegris
- Reported on: June 3, 2022
- Disclosure status: Privately disclosed
- Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.
- The patch restricts the triggering for the print of externally controlled format string code.
12. SVE-2022-0471(CVE-2023-21419): A vulnerability in Secure Folder
- Severity: Moderate
- Affected versions: S(12)
- Reported on: February 28, 2022
- Disclosure status: Privately disclosed
- An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container to remain unlocked under certain conditions.
- The patch adds a restriction that locks the SecureFolder container when PIP is closed.
Samsung Galaxy A33 5G grabs September 2024 security update
We are in October 2024 and Samsung is rolling out a new update for the Galaxy A33 5G smartphone, which brings the September 2024 security patch to improve system security and stability. The update is available for users in Brazil and the company will soon expand it to more countries.
September 2024 security update fixes several Samsung and Google vulnerabilities to make the device’s performance smoother. It includes 1 critical issue and 43 high-level ones for Google. One of these issues was already fixed in earlier updates, and another one doesn’t impact Galaxy devices.
In addition, Samsung is adding 23 of its fixes to improve security. These vulnerabilities are mainly related to My Files, Theme Center, One UI Home, Knox, and Dex. This update makes the smartphone more reliable, secure, and stable.
Users of Samsung Galaxy A33 5G are getting a September 2024 security update with One UI build version A336MUBSAEXI8. They will have to download a 262MB package to install the update. It is an initial rollout so it may take some hours or days to reach all models.
If you have received the notification of the update then install it now to get a bug-free experience. You can also check the update by visiting the Settings app on your smartphone and opening the Software Update section.
Now, click on the Download and install option. If any update is available, you can follow the on-screen instructions to install the update on your Galaxy smartphone.
Notably, the update is based on Android 14-based One UI 6.1. This device is eligible for the next major One UI update, One UI 7, based on Android 15. Samsung is going to release a stable One UI 7 in January 2025 along with the Galaxy S25 series. After its debut, Samsung will make its wider rollout for all eligible devices.
Samsung Galaxy S24 FE starts its update journey with September 2024 patch
Last month, Samsung launched the latest Fan Edition variant of the Galaxy S series, the Galaxy S24 FE. Now, in October 2024, the Korean tech giant has initiated the update cycle for the Galaxy S24 FE with a September 2024 security patch.
Samsung Galaxy S24 FE users are getting the September 2024 security update with One UI build version S721USQU1AXI3. The update is currently rolling out for locked models on Verizon network carriers in the US and the company will expand it soon.
The fresh update improves the overall performance of devices as it installs the latest security patch to fix several issues. The company is rolling out the update with system security improvements to keep your files and data safe on your phone.
Moreover, it also optimizes system stability to offer you uninterrupted and seamless functionality on your device. This is an initial rollout so it may take hours or days to reach all models.
You can download the first update of Samsung Galaxy S24 FE through Settings >> Software Updates >> Download and Install.
Samsung Galaxy S24 FE is one of the affordable smartphones with premium features. It comes with a large 6.7-inch FHD+ display that can reach brightness levels of up to 1900 nits. It also has a smooth 120Hz refresh rate for a seamless experience.
Powered by the Exynos 2400e processor, the smartphone features 8GB of RAM, a 50MP main camera, a 10MP selfie shooter, a 4700mAh battery, 7 years of software support, and more.
Samsung Galaxy A15 receives September 2024 security update
Samsung has pushed a new update for the Galaxy A15 smartphone, which brings a September 2024 security patch. The update improves system security and stability to enhance the overall performance.
September 2024 security update for Galaxy A15 is currently rolling out in Asian countries and the company will soon make it available in more countries. Users can verify the latest update through One UI build version A155FXXS4BXI3.
The fresh update is expected to resolve video playback issues experienced in previous software. Galaxy A15 users have reported encountering a black screen with sound but no visuals. Additionally, error messages frequently appear, indicating “An unknown error has occurred” or that the video codec is not supported.
Notably, the September 2024 security patch addresses 1 critical issue and 43 high-level ones for Google. One of these issues was already fixed in earlier updates, and another one doesn’t impact Galaxy devices. Also, Samsung is adding 23 of its fixes to improve security in My Files, Theme Center, One UI Home, Knox, and Dex.
The installation package size of this update is around 270MB. You can install the latest update through your device’s Settings >> Software Update >> Download and Install. If any update is available, you can follow the on-screen instructions to install the update on your Galaxy smartphone.