Updates

Samsung’s September 2022 update prevents attackers steal Photo/Video Editor data

Published

2 years ago

on

Recently, Samsung published the September 2022 security patch details for Galaxy consumers. The release notes describe which CVEs and SVEs will be fixed after the latest security update’s installation on your Galaxy device. While checking details in detail, we found a serious bug that may have stolen data from your Gallery.

According to Samsung, the September 2022 security update fixes include SVE-2022-0815, SVE-2022-0706, and SVE-2022-0899 items. These SVEs allow attackers to get sensitive information and access internal application data from Photo Editor and Video Editor apps.

Join Sammy Fans on Telegram

Going ahead with the information, these Samsung Vulnerabilities and Exposures (SVE) items affect Galaxy devices running Android 10 (One UI 2), Android 11 (One UI 3), and Android 12 (One UI 4). The company’s software developers have managed to disclose these three serious problems privately.

Follow Sammy Fans on Google News

While these Samsung Vulnerabilities and Exposures (SVE) items are related to Photo Editor and Video Editor apps, your phone’s Gallery might also have been affected. Both the Photo and Video Editor apps are part of Samsung Gallery and work as plugins to offer additional functionalities.

As of now, Samsung released the September 2022 security patch for the Galaxy S21 series devices in Europe. In the coming days, other flagship and select mid-range/budget phones will receive the latest security maintenance release with the above-mentioned fixes for Galaxy users.

SVE Information

SVE-2022-0815 (CVE-2022-36853)

  • Intent redirection in Photo Editor
    • Severity: Moderate
    • Affected versions: Q(10), R(11), S(12)
    • Reported on: April 1, 2022
    • Disclosure status: Privately disclosed
    • Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive information.
    • The patch adds flag check logic.

SVE-2022-0706 (CVE-2022-36857)

  • Improper Authorization vulnerability in Photo Editor
    • Severity: Moderate
    • Affected versions: R(11) and Photo Editor prior to 3.0.23.43 in S(12)
    • Reported on: March 22, 2022
    • Disclosure status: Privately disclosed
    • Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data.
    • The patch adds the proper validation of the broadcast.

SVE-2022-0899 (CVE-2022-36852)

  • Improper Authorization vulnerability in Video Editor
    • Severity: Moderate
    • Affected versions: R(11), S(12)
    • Reported on: April 12, 2022
    • Disclosure status: Privately disclosed
    • Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data.
    • The patch adds the proper validation of the broadcast.

Samsung September 2022 Security Update Tracker

| Source |
Related Topics:
Exit mobile version