Updates
Samsung January 2023 update patches 20 dangerous SVEs as well
Today, Samsung released the January 2023 security patch details for Galaxy devices. Alongside the Andorid patches by Google, Samsung patches 20 SVEs through the January 2023 update. This complete security OTA package ensures Galaxy customers’ confidence in security.
Follow Sammy Fans on Google News
The South Korean tech giant disclosed that the “SMR January 2023 Release 1” comes with all patches from Samsung and Google. Since the company already patched some SVEs with previous firmware updates, those may not be included in this latest package.
Join Sammy Fans on Telegram
It’s worth mentioning that the January 2022 patch brings fixes for 52 high levels of CVEs for Android devices. Google has not listed any critical or moderate level of CVE in its Android security bulletin, which is applicable on Samsung devices as well.
Samsung January 2023 patches
Below, you can check what SVE items are getting patched with the January 2023 software update on Samsung devices. The details include the given identity (CVE/SVE) of the threat, severity level, affected Android versions, report date, disclosure status and impact prior disclosure.
1. SVE-2022-2537(CVE-2023-21430): An out-of-bound read vulnerability in libSDKRecognitionText.spensdk.samsung.so library
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: October 24, 2022
- Disclosure status: Privately disclosed
- An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Jan-2023 Release 1 allows attacker to cause memory access fault.
- The patch adds proper boundary check logic to prevent out-of-bound access.
2. SVE-2022-2338(CVE-2023-21429): Implicit intent hijacking vulnerability in ePDG
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: September 20, 2022
- Disclosure status: Privately disclosed
- Improper usage of implicit intent in ePDG prior to SMR Jan-2023 Release 1 allows attacker to access SSID.
- The patch change the implicit intent to explicit intent.
3. SVE-2022-2320(CVE-2023-21428): Improper input validation vulnerability in TelephonyUI
- Severity: Moderate
- Affected versions: R(11), S(12), T(13)
- Reported on: September 19, 2022
- Disclosure status: Privately disclosed
- Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call.
- The patch removes unused code.
4. SVE-2022-2280(CVE-2023-21427): Improper access control vulnerabilities in NfcTile
- Severity: Moderate
- Affected versions: R(11), S(12), T(13)
- Reported on: September 15, 2022
- Disclosure status: Privately disclosed
- Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition.
- The patch adds proper permission in NfcTile to prevent unauthorized access.
5. SVE-2022-2278(CVE-2023-21426): Hardcoded encryption key vulnerability in NFC
- Severity: Moderate
- Affected versions: Select Q(10) devices
- Reported on: September 15, 2022
- Disclosure status: Privately disclosed
- Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.
- The patch adds proper usage of random private key api to prevent key exposure.
6. SVE-2022-2261(CVE-2023-21425): Improper access control vulnerability in telecom application
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: September 15, 2022
- Disclosure status: Privately disclosed
- Improper access control vulnerability in telecom application prior to SMR Jan-2023 Release 1 allows local attackers to get sensitive information.
- The patch adds proper access control logic to prevent sensitive information leakage.
7. SVE-2022-2118(CVE-2023-21424): Improper Authorization vulnerability in SemChameleonHelper
- Severity: Moderate
- Affected versions: R(11), S(12), T(13)
- Reported on: September 3, 2022
- Disclosure status: Privately disclosed
- Improper handling of insufficient permissions or privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.
- The patch restricts privilege of the app that calls SemChameleonHelper in Telephony.
8. SVE-2022-1967(CVE-2023-21423): Improper authorization vulnerability in ChnFileShareKit
- Severity: Moderate
- Affected versions: S(12), T(13)
- Reported on: August 17, 2022
- Disclosure status: Privately disclosed
- Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.
- The patch adds proper permission.
9. SVE-2022-1931(CVE-2023-21422): Improper authorization vulnerability in WifiSevice
- Severity: Moderate
- Affected versions: R(11), S(12)
- Reported on: August 14, 2022
- Disclosure status: Privately disclosed
- Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService.
- The patch adds permission check logic when call the service API.
10. SVE-2022-1672(CVE-2023-21421): Improper Handling of Insufficient Permissions or Privileges vulnerability in Knox Service
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: July 14, 2022
- Disclosure status: Privately disclosed
- Improper handling of insufficient permissions or privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.
- The patch adds proper signature check in KnoxCustomManagerService to prevent unauthorized access.
11. SVE-2022-1364(CVE-2023-21420): Use of Externally-Controlled Format String vulnerabilities in STST TA
- Severity: High
- Affected versions: Q(10), R(11) devices with Teegris
- Reported on: June 3, 2022
- Disclosure status: Privately disclosed
- Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.
- The patch restricts the triggering for the print of externally controlled format string code.
12. SVE-2022-0471(CVE-2023-21419): A vulnerability in Secure Folder
- Severity: Moderate
- Affected versions: S(12)
- Reported on: February 28, 2022
- Disclosure status: Privately disclosed
- An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition.
- The patch adds restriction that lock the SecureFolder container when PIP is closed.
Samsung launched a new Galaxy A series smartphone, Galaxy A54 in early March 2023. Now, the company has begun releasing the first update for the Samsung Galaxy A54 smartphone with camera improvements.
The latest update of Galaxy A54 enhances the behavior of the camera app to provide a better experience. Also, it installs February 2023 security patch to improve the system security of the device.
Aside from this, the update also upgrades a bundle of One UI apps including Samsung Notes Add-ons, AR Zone, Galaxy Shop, Members, Wallet, Samsung TV Plus, Voice Recorder, SmartThings, and more to the latest version.
According to the information (via GalaxyClub), February 2023 update is currently rolling out for Galaxy A54 models in Europe. The update is rolling out gradually so it may take some hours/days to reach all A54 models.
Samsung Galaxy A54 smartphone gets its first firmware update with PDA version A546BXXU1AWC4 and weighs 227.73 megabytes package. If you have got the notification of the update then install it now. Also, you can manually check the update through Settings >> Software Update >> Download and install.
About Samsung Galaxy A54
Samsung Galaxy A54 5G comes with an impressive design, multiple advanced features, better day-night cameras, powerful security, new picture editing tools, and more. It packs with a 6.4-inch FHD+ Super AMOLED Display with a 120Hz refresh rate and Vision booster feature.
The Galaxy A54 5G features a 50MP main camera along with a 32MP front camera, an octa-core Exynos 1380 processor, the latest Android 13-based One UI 5.1 software, and more. The main thing to highlight is that the smartphone is eligible for four major OS upgrades.
Samsung is rolling out a new firmware update for the Galaxy M42 5G devices, which installs the March 2023 security patch. The users of Galaxy M42 5G smartphone can identify the update through build version M426BXXU4DWC1 in India.
The Korean tech giant is gradually rolling out the March 2023 security update for the Galaxy M42 5G smartphones, more models will catch it up soon. The devices have already received the Android 13-based One UI 5.1 update, so if you haven’t installed the update, install it now or else you might miss March 2023 update this time.
March 2023 update for Samsung Galaxy M42 5G installs the latest Android patch released to fix security-related issues to make it more secure. Also, the company upgrades some functions and optimizes stability to provide a bug-free experience.
March 2023 security patch fixes a bunch of common vulnerability exposures related to Calls, Samsung Keyboard, System UI, Galaxy Themes, Bluetooth, and more.
Follow our socials → Google News, Telegram, Twitter, Facebook
In addition, several stocks apps including Samsung Notes Add-ons, Galaxy Wearable, Global Goals, Samsung Kids, Notes, Health, Internet, Calculator, Smart Switch, Wallet, Members, SmartThings, and Voice Recorder will be updated to the latest version after the software update.
Samsung Galaxy M42 5G March 2023 update #Samsung #GalaxyM42 pic.twitter.com/jUppwSBxOY
— Samsung Software Updates (@SamsungSWUpdate) March 24, 2023
How to update?
Samsung consumers can check new software updates manually with a handful of simple steps. Firstly, visit your Galaxy device’s “System Settings,” once done, scroll down and tap the “Software update” tab, followed by the “Download and install” button.
Samsung is about to release a new firmware update for the Galaxy S23 series, which might bring major camera improvements. As usual, the company is testing new firmware builds on the Galaxy S23 devices before rollout to the Public via OTA.
Follow our socials → Google News, Telegram, Twitter, Facebook
Ahead of the release, a reliable source revealed that Samsung is preparing a big camera firmware for the Galaxy S23 series. Earlier, the same source claimed that the company may release a camera optimization update to its latest flagships in late March.
CheckFirm detected the latest test build for the Galaxy S23 Ultra smartphone, which bears PDA versions S918NKSU1AWC6 for South Korea and S918BXXU1AWC6 for India. Since the Korean builds appear to be a regular security update, the Indian build may be just the opposite.
Judging from the test build number, the Galaxy S23 series’ next global firmware may not only bring a security patch. As the bootloader alphabet has changed to U for Indian build, the next update is most likely to include under-the-hood changes such as rumored camera improvements.
Apart from the claims of the tipster, there’s no info available regarding Samsung’s next OTA for the Galaxy S23 series. As consumers continue to share their feedback and complain about emerging issues with camera performance and some others, the company will surely apply them in its future moves.
Galaxy S23 Series
Back in February, Samsung launched the Galaxy S23 series with Android 13-based One UI 5.1 software pre-installed. The devices bring improved camera capabilities such as better nightography and algorithm changes to deliver an enhanced photography experience.
The Galaxy S23 Ultra is the first Samsung phone, which is equipped with a monstrous 200-megapixel main camera. This sensor is capable of capturing photos in three different resolutions including a trimmed down 12-megapixel, a balanced 50-megapixel shot along with the full 200-megapixel resolution.