Samsung March 2023 Security Patch: Fixes for Call, Keyboard, System UI and more

Samsung’s March 2023 security patch details are now official, confirming fixes for a number of CVEs as well as for One UI Keyboard, System UI, and more. As of March 6, the company has not started rolling out the latest patch to Galaxy devices, but we believe it’s not too far away now.

According to the info, the March 2023 security patch for Samsung devices brings the Google patches that are mentioned in the Android security bulletin. The document lists a number of Common Vulnerabilities and Exposures (CVEs) that fall into the following categories:

  1. Critical – 5
  2. High – 35
  3. Moderate – 0
  4. Already fixed – 4
  5. Not applicable – 5

Apart from this, the March 2023 patch also includes 23 One UI patches which Samsung calls SVE (Samsung Vulnerabilities and Exposures). Together with Android and One UI patches, the latest software update ensures the best security and privacy on Galaxy devices.

Severe issues that are patched in the March OTA:

Call application

Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission. The patch adds proper permission to prevent improper access.

Samsung Keyboard

Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows a physical attacker to access users’ text history on the lock screen. The patch removes the context menu on the lock screen.

Vulnerability in System UI

Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI allows attackers to turn off Do not disturb via unprotected intent. Samsung’s March 2023 patch adds proper protection for the intent.

Galaxy Themes

Path traversal vulnerability in Galaxy Themes Service allows attackers to access arbitrary files with system uid. The March update adds proper input validation.

Bluetooth

Improper access control vulnerability in Bluetooth allows attackers to send files via Bluetooth without the related permission. The company has also patched this flaw, which affects Galaxy devices running Android 11 to 13, with the latest OTA release.

Use-after-free vulnerability in decon driver

This issue affected Galaxy devices running Android 11/12/13 with the Exynos 2100 chipset (Galaxy S21 series). It allows attackers to cause memory access faults, and has been fixed with the addition of proper check logic to prevent use-after-free.

Here are the CVE items:

Critical

  • CVE-2022-33232, CVE-2022-33243, CVE-2022-40514, CVE-2023-20951, CVE-2023-20954

High

  • CVE-2022-0850, CVE-2022-41222, CVE-2023-20937, CVE-2023-20938, CVE-2023-20602, CVE-2022-33221, CVE-2022-33233, CVE-2022-33248, CVE-2022-33277, CVE-2022-47339, CVE-2022-47331
  • CVE-2023-20906, CVE-2023-20911, CVE-2023-20917, CVE-2023-20947, CVE-2023-20963, CVE-2023-20956, CVE-2023-20958, CVE-2023-20964, CVE-2023-20926, CVE-2023-20931, CVE-2023-20936
  • CVE-2023-20953, CVE-2023-20955, CVE-2023-20957, CVE-2023-20959, CVE-2023-20960, CVE-2023-20966, CVE-2022-4452, CVE-2022-20467, CVE-2023-20929, CVE-2023-20952, CVE-2023-20962, CVE-2022-20499, CVE-2023-20910

Moderate

  • None

Already included in previous updates

  • CVE-2022-40502, CVE-2022-40512, CVE-2022-33271, CVE-2022-33306

Not applicable to Samsung devices

  • CVE-2022-39189, CVE-2022-39842, CVE-2022-33280, CVE-2022-34145, CVE-2022-34146
