Updates
Samsung January 2023 update patches 20 dangerous SVEs as well
Today, Samsung released the January 2023 security patch details for Galaxy devices. Alongside the Andorid patches by Google, Samsung patches 20 SVEs through the January 2023 update. This complete security OTA package ensures Galaxy customers’ confidence in security.
Follow Sammy Fans on Google News
The South Korean tech giant disclosed that the “SMR January 2023 Release 1” comes with all patches from Samsung and Google. Since the company already patched some SVEs with previous firmware updates, those may not be included in this latest package.
Join Sammy Fans on Telegram
It’s worth mentioning that the January 2022 patch brings fixes for 52 high levels of CVEs for Android devices. Google has not listed any critical or moderate level of CVE in its Android security bulletin, which is applicable on Samsung devices as well.
Samsung January 2023 patches
Below, you can check what SVE items are getting patched with the January 2023 software update on Samsung devices. The details include the given identity (CVE/SVE) of the threat, severity level, affected Android versions, report date, disclosure status and impact prior disclosure.
1. SVE-2022-2537(CVE-2023-21430): An out-of-bound read vulnerability in libSDKRecognitionText.spensdk.samsung.so library
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: October 24, 2022
- Disclosure status: Privately disclosed
- An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Jan-2023 Release 1 allows attacker to cause memory access fault.
- The patch adds proper boundary check logic to prevent out-of-bound access.
2. SVE-2022-2338(CVE-2023-21429): Implicit intent hijacking vulnerability in ePDG
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: September 20, 2022
- Disclosure status: Privately disclosed
- Improper usage of implicit intent in ePDG prior to SMR Jan-2023 Release 1 allows attacker to access SSID.
- The patch change the implicit intent to explicit intent.
3. SVE-2022-2320(CVE-2023-21428): Improper input validation vulnerability in TelephonyUI
- Severity: Moderate
- Affected versions: R(11), S(12), T(13)
- Reported on: September 19, 2022
- Disclosure status: Privately disclosed
- Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call.
- The patch removes unused code.
4. SVE-2022-2280(CVE-2023-21427): Improper access control vulnerabilities in NfcTile
- Severity: Moderate
- Affected versions: R(11), S(12), T(13)
- Reported on: September 15, 2022
- Disclosure status: Privately disclosed
- Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition.
- The patch adds proper permission in NfcTile to prevent unauthorized access.
5. SVE-2022-2278(CVE-2023-21426): Hardcoded encryption key vulnerability in NFC
- Severity: Moderate
- Affected versions: Select Q(10) devices
- Reported on: September 15, 2022
- Disclosure status: Privately disclosed
- Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.
- The patch adds proper usage of random private key api to prevent key exposure.
6. SVE-2022-2261(CVE-2023-21425): Improper access control vulnerability in telecom application
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: September 15, 2022
- Disclosure status: Privately disclosed
- Improper access control vulnerability in telecom application prior to SMR Jan-2023 Release 1 allows local attackers to get sensitive information.
- The patch adds proper access control logic to prevent sensitive information leakage.
7. SVE-2022-2118(CVE-2023-21424): Improper Authorization vulnerability in SemChameleonHelper
- Severity: Moderate
- Affected versions: R(11), S(12), T(13)
- Reported on: September 3, 2022
- Disclosure status: Privately disclosed
- Improper handling of insufficient permissions or privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.
- The patch restricts privilege of the app that calls SemChameleonHelper in Telephony.
8. SVE-2022-1967(CVE-2023-21423): Improper authorization vulnerability in ChnFileShareKit
- Severity: Moderate
- Affected versions: S(12), T(13)
- Reported on: August 17, 2022
- Disclosure status: Privately disclosed
- Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.
- The patch adds proper permission.
9. SVE-2022-1931(CVE-2023-21422): Improper authorization vulnerability in WifiSevice
- Severity: Moderate
- Affected versions: R(11), S(12)
- Reported on: August 14, 2022
- Disclosure status: Privately disclosed
- Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService.
- The patch adds permission check logic when call the service API.
10. SVE-2022-1672(CVE-2023-21421): Improper Handling of Insufficient Permissions or Privileges vulnerability in Knox Service
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: July 14, 2022
- Disclosure status: Privately disclosed
- Improper handling of insufficient permissions or privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.
- The patch adds proper signature check in KnoxCustomManagerService to prevent unauthorized access.
11. SVE-2022-1364(CVE-2023-21420): Use of Externally-Controlled Format String vulnerabilities in STST TA
- Severity: High
- Affected versions: Q(10), R(11) devices with Teegris
- Reported on: June 3, 2022
- Disclosure status: Privately disclosed
- Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.
- The patch restricts the triggering for the print of externally controlled format string code.
12. SVE-2022-0471(CVE-2023-21419): A vulnerability in Secure Folder
- Severity: Moderate
- Affected versions: S(12)
- Reported on: February 28, 2022
- Disclosure status: Privately disclosed
- An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition.
- The patch adds restriction that lock the SecureFolder container when PIP is closed.
On March 6, Samsung released the March 2023 Android plus One UI patch details for Galaxy devices and the updates started to roll out on the 7th. Within February, Samsung updated most of the Galaxy devices with One UI 5.1 and February 2023 security patch.
Follow our socials → Google News, Telegram, Twitter, Facebook
Samsung’s monthly software updates arrive as part of the security maintenance release. Hence, we recommend you install the latest firmware to keep your Galaxy device up to date with the latest security solutions. Besides security patches, Galaxy updates may also offer performance improvements.
One UI 5.1
One UI 5.1 debuted on February 1st and all the flagship Galaxy models received it within 20 days of launch. For the next major upgrade, Galaxy users have to wait longer, while this incremental feature-rich firmware will be helping you with improved performance further.
Galaxy A54, A34
On March 15, Samsung unveiled the Galaxy A54 and Galaxy A34 smartphones. These devices use Exynos 1380/MediaTek processor and run the S23-like Android 13-based One UI 5.1 out of the box. As expected, these devices are set to hit market shelves later this month in Southeast Asia and Europe.
Throughout March 2023, we will continue to get new updates, and official announcements, as well as leaks and rumors about upcoming phones and software. You can stay up to date with the Galaxy ecosystem by following us on Google News, and below, we will keep you updated with March 2023 updates rollout by Samsung.
March 26, 2023:
- Samsung Galaxy devices getting March 2023 Google Play System update in select countries including Germany and India.
March 25, 2023:
- The Galaxy M42 smartphone users started grabbing the latest Android patches via OTA.
March 24, 2023:
- The Galaxy A54 4G is also receiving the March patch.
March 23, 2023:
- The Galaxy Tab S7 and Tab S7 Plus users collecting the latest Android security patches from Samsung.
- Samsung released the March 2023 update to Galaxy A30s mid-range phone.
March 22, 2023:
- Samsung’s Galaxy S21 FE smartphone grabbing March 2023 security patch.
March 18, 2023:
- The Galaxy A52s started getting this newest security patch.
March 17, 2023:
- Samsung expanding Mar. patch to more Galaxy Z Fold 3, Flip 3, S22 and Note 20 users.
- The Galaxy A53 starts getting latest security update.
- Severe Exynos modem vulnerabilities discovered, read more
March 16, 2023:
- The S20 FE LTE and 5G smartphones started to get the March patch.
March 15, 2023:
- The Galaxy Tab S8 series also joins flagships receiving March security maintenance release.
March 12, 2023:
- Samsung’s Galaxy S10e, S10, and S10 Plus start getting the March patch.
March 11, 2023:
- The new security patch is now available for Galaxy Z Fold 4 and Galaxy Z Flip 4 in the US.
March 09, 2023:
- The Galaxy S22, S21, Note 20 series, and Galaxy Z Fold 3 started getting the latest security update in the US.
March 08, 2023:
- The company pushed March 2023 Android patches to the Galaxy S20 series.
March 07, 2023:
- Samsung starts the latest security patch’s rollout for Galaxy S23 and Galaxy S22 and Galaxy S21 series.
T-Mobile has started pushing the March 2023 security update for Samsung Galaxy S20 FE 5G users in the US. The latest security update mainly focuses on improving the security and privacy of your device.
Samsung Galaxy S20 FE 5G smartphone users on the T-Mobile network are grabbing March 2023 update with One UI build version G781USQS9HWB6. The latest update is based on One UI 5.1 so your device must be updated to this major version then only your mobile will get a notification of this latest monthly patch.
The March 2023 update for the Galaxy S20 FE smartphone is already available in India, Europe, and on some US mobile network carriers such as Verizon. The company will soon this update available for all Galaxy S20 FE models.
Follow our socials → Google News, Telegram, Twitter, Facebook
To install the latest update, visit your smartphone’s Settings and tap the Software Update. Now, click on Download and install option to get access to the latest update.
March 2023 security patch details
According to the official details, March 2023 security patch fixes different kinds of bugs and issues patched by Google and Samsung, listed in the Android and One UI security bulletin. A bunch of vulnerability exposures listed in the document that falls into different ranges including:
- Critical – 5
- High – 35
- Moderate – 0
- Already fixed – 4
- Not applicable – 5
Aside from this, the March 2023 patch also includes 23 One UI patches which Samsung calls SVE (Samsung Vulnerabilities and Exposures). Together with Android and One UI patches, the latest software update ensures the best security and privacy on Galaxy devices.
Samsung Galaxy Tab S7 and Galaxy Tab S7 Plus are grabbing a new update with March 2023 security patch in Brazil. This update is already available for several countries in Latin America.
Samsung’s March 2023 security update fixes dozens of security bugs in Android OS and One UI to improve the security and stability of the devices. However, the latest update does not accompany any noticeable changes for the Galaxy Tab S7 but it carries the freshly released monthly patch.
Users of the Samsung Galaxy Tab S7 series in Brazil can identify the March 2023 update via the version number mentioned below.
- Galaxy Tab S7 –T875XXS2DWC1
- Galaxy Tab S7 Plus – T975XXS2DWC1
Follow our socials → Google News, Telegram, Twitter, Facebook
If you haven’t already received the OTA update notification, expect to get it in the next day or so. The rollout happens rapidly so it shouldn’t be long before you’re able to get the update. You can manually check the update via your device’s Settings, Download and install option under Software Updates.
Samsung Galaxy Tab S7 March 2023 update – Brazil #Samsung #GalaxyTabS7 pic.twitter.com/08v5fVgKMA
— Samsung Software Updates (@SamsungSWUpdate) March 24, 2023