Connect with us

Updates

Samsung January 2023 update patches 20 dangerous SVEs as well

Published

on

Telegram update

Today, Samsung released the January 2023 security patch details for Galaxy devices. Alongside the Andorid patches by Google, Samsung patches 20 SVEs through the January 2023 update. This complete security OTA package ensures Galaxy customers’ confidence in security.

Follow Sammy Fans on Google News

The South Korean tech giant disclosed that the “SMR January 2023 Release 1” comes with all patches from Samsung and Google. Since the company already patched some SVEs with previous firmware updates, those may not be included in this latest package.

Join Sammy Fans on Telegram

It’s worth mentioning that the January 2022 patch brings fixes for 52 high levels of CVEs for Android devices. Google has not listed any critical or moderate level of CVE in its Android security bulletin, which is applicable on Samsung devices as well.

Samsung Galaxy Software Update

Samsung January 2023 patches

Below, you can check what SVE items are getting patched with the January 2023 software update on Samsung devices. The details include the given identity (CVE/SVE) of the threat, severity level, affected Android versions, report date, disclosure status and impact prior disclosure.

1. SVE-2022-2537(CVE-2023-21430): An out-of-bound read vulnerability in libSDKRecognitionText.spensdk.samsung.so library

  • Severity: Moderate
  • Affected versions: Q(10), R(11), S(12), T(13)
  • Reported on: October 24, 2022
  • Disclosure status: Privately disclosed
  • An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Jan-2023 Release 1 allows attacker to cause memory access fault.
  • The patch adds proper boundary check logic to prevent out-of-bound access.

2. SVE-2022-2338(CVE-2023-21429): Implicit intent hijacking vulnerability in ePDG

  • Severity: Moderate
  • Affected versions: Q(10), R(11), S(12), T(13)
  • Reported on: September 20, 2022
  • Disclosure status: Privately disclosed
  • Improper usage of implicit intent in ePDG prior to SMR Jan-2023 Release 1 allows attacker to access SSID.
  • The patch change the implicit intent to explicit intent.

3. SVE-2022-2320(CVE-2023-21428): Improper input validation vulnerability in TelephonyUI

  • Severity: Moderate
  • Affected versions: R(11), S(12), T(13)
  • Reported on: September 19, 2022
  • Disclosure status: Privately disclosed
  • Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call.
  • The patch removes unused code.

4. SVE-2022-2280(CVE-2023-21427): Improper access control vulnerabilities in NfcTile

  • Severity: Moderate
  • Affected versions: R(11), S(12), T(13)
  • Reported on: September 15, 2022
  • Disclosure status: Privately disclosed
  • Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition.
  • The patch adds proper permission in NfcTile to prevent unauthorized access.

5. SVE-2022-2278(CVE-2023-21426): Hardcoded encryption key vulnerability in NFC

  • Severity: Moderate
  • Affected versions: Select Q(10) devices
  • Reported on: September 15, 2022
  • Disclosure status: Privately disclosed
  • Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.
  • The patch adds proper usage of random private key api to prevent key exposure.

6. SVE-2022-2261(CVE-2023-21425): Improper access control vulnerability in telecom application

  • Severity: Moderate
  • Affected versions: Q(10), R(11), S(12), T(13)
  • Reported on: September 15, 2022
  • Disclosure status: Privately disclosed
  • Improper access control vulnerability in telecom application prior to SMR Jan-2023 Release 1 allows local attackers to get sensitive information.
  • The patch adds proper access control logic to prevent sensitive information leakage.

7. SVE-2022-2118(CVE-2023-21424): Improper Authorization vulnerability in SemChameleonHelper

  • Severity: Moderate
  • Affected versions: R(11), S(12), T(13)
  • Reported on: September 3, 2022
  • Disclosure status: Privately disclosed
  • Improper handling of insufficient permissions or privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.
  • The patch restricts privilege of the app that calls SemChameleonHelper in Telephony.

8. SVE-2022-1967(CVE-2023-21423): Improper authorization vulnerability in ChnFileShareKit

  • Severity: Moderate
  • Affected versions: S(12), T(13)
  • Reported on: August 17, 2022
  • Disclosure status: Privately disclosed
  • Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.
  • The patch adds proper permission.

9. SVE-2022-1931(CVE-2023-21422): Improper authorization vulnerability in WifiSevice

  • Severity: Moderate
  • Affected versions: R(11), S(12)
  • Reported on: August 14, 2022
  • Disclosure status: Privately disclosed
  • Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService.
  • The patch adds permission check logic when call the service API.

10. SVE-2022-1672(CVE-2023-21421): Improper Handling of Insufficient Permissions or Privileges vulnerability in Knox Service

  • Severity: Moderate
  • Affected versions: Q(10), R(11), S(12), T(13)
  • Reported on: July 14, 2022
  • Disclosure status: Privately disclosed
  • Improper handling of insufficient permissions or privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.
  • The patch adds proper signature check in KnoxCustomManagerService to prevent unauthorized access.

11. SVE-2022-1364(CVE-2023-21420): Use of Externally-Controlled Format String vulnerabilities in STST TA

  • Severity: High
  • Affected versions: Q(10), R(11) devices with Teegris
  • Reported on: June 3, 2022
  • Disclosure status: Privately disclosed
  • Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.
  • The patch restricts the triggering for the print of externally controlled format string code.

12. SVE-2022-0471(CVE-2023-21419): A vulnerability in Secure Folder

  • Severity: Moderate
  • Affected versions: S(12)
  • Reported on: February 28, 2022
  • Disclosure status: Privately disclosed
  • An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition.
  • The patch adds restriction that lock the SecureFolder container when PIP is closed.

James is the lead content creator on Sammy Fans and mostly works on Samsung's firmware section. His first phone was the Galaxy S4 and continues to get new S series devices. Most of the time, James tries to learn about new technologies and gadgets but he also sneaks a bit of free time to nearby rivers and nature.

Samsung

T-Mobile brings April 2024 update to Galaxy S24 series [US]

Published

on

Samsung galaxy S24 April 2024 update T-mobile US

T-Mobile is releasing a huge-size April 2024 update for the Samsung Galaxy S24 series in the US. The update brings camera and security enhancements to enhance the overall experience.

April 2024 security update for Samsung Galaxy S24, Galaxy S24 Plus, and Galaxy S24 Ultra smartphones arrives on T-Mobile network carrier with an installation package size of 818.12MB.

Follow our socials → Google News | Telegram | X/Twitter | Facebook | WhatsApp

As per the changelog, the update improves the stability and reliability of the devices. But its package size also indicates that it improves camera quality and usability.

It is already live in India, the Middle East, Europe, and on Verizon network carrier in the US. To check for software updates manually, head toward your phone’s Settings. At the bottom, you will get the Software update section, simply open it. Inside the submenu, you need to hit the Download and install button if your Galaxy fetches a new OTA.

Samsung’s April 2024 update takes Galaxy S24 Camera to new heights: Check what’s new

Continue Reading

Updates

March 2024 update for Samsung Galaxy A52 5G and A32 5G now live in the US 

Published

on

Samsung Galaxy A32 December 2023 update

Samsung has expanded the reach of the March 2024 security update for carrier-locked and unlocked models of Galaxy A52 5G and Galaxy A32 5G in the US. However, the latest patch is already live in several countries and will reach the remaining regions in the coming days or weeks.

This latest update is a regular security patch that aims to work on the core functioning of your Galaxy devices and elevate their security and stability grades, ensuring that users’ data and sensitive information remain secure for a hassle-free and more seamless experience.

The security maintenance release of March 2024 also mends over 45 vulnerability exposures including 2 critical,  35 high levels of CVEs for the Android operating system, and 9 SVE items from Samsung One UI that are related to AppLock, Bootloader, some services, and more.

Follow our socials → Google News | Telegram | X/Twitter | Facebook | WhatsApp

Other than these general improvements and fixes, the March 2024 update didn’t bring any new features or major changes for Galaxy A52 5G and Galaxy A32 5G in the US. Consequently, owners of the respective models can check the latest software version for their devices below.

Galaxy A52 5G 

  • Carrier unlocked – A526U1UESCFXC6

Galaxy A32 5G 

  • Carrier locked – A326USQSDDXC2
  • Carrier unlocked – A326U1UESDDXC2

As usual, the update is released through an over-the-air method, hence, it may take some time to cover all the eligible units in the country. In this case, consumers can wait for the patch or can go with the manual installation process via Settings > Software Update > Download & Install tab.

Samsung Galaxy A52s January 2024 update

Continue Reading

Updates

Samsung releases March 2024 security update for Galaxy F23 5G

Published

on

Samsung Galaxy F23 One UI 6 update

Today, Samsung began the rollout of its most awaited Android 14-based One UI 6.1 software and seeded several Galaxy devices with the offerings. On the other hand, the tech maker has also released a March 2024 security update for the budget-friendly Samsung Galaxy F23 5G.

Going toward the details, the March 2024 update for Samsung Galaxy F23 5G is currently live in India and will expand to more region users soon. Also, the consumers of the corresponding model will be able to identify the patch through One UI build version E236BXXS5DXC1.

To be mentioned, the users of Galaxy F23 5G are currently enjoying the features and optimizations of Android 14-based One UI 6.0 software. Now, the installation of this latest patch will further boost device’s performance and optimize the overall user experience.

Follow our socials → Google News | Telegram | X/Twitter | Facebook | WhatsApp

Hence, if you reside in India and operating Galaxy F23 5G then upgrade your handy gadget to the latest version now. Because this all-new security patch will improve the core mechanism of your device and provide improved protection against threats and viruses.

It also brings fixes for over 45 vulnerability exposures from Google and Samsung to maintain the device’s reliability and offer users a secure and hassle-free interpretation. Therefore, to download the patch manually visit Settings >> Software Update >> Download & Install.

Samsung Galaxy F23 March 2024 update

Continue Reading