One UI

Samsung September 2023 Security Patch Details Released: What’s New

Published

1 year ago

on

Samsung has already started to make its Galaxy devices more secure by releasing the September 2023 update and Galaxy S23 series beta users have become the first ones to get it. Now, the company has officially published the details of the September 2023 security patch for Samsung devices, which fixes many security issues that are identified by CVE and SVE codes.

Android Patch Details 

Google’s Android Security September 2023 Bulletin contains 4 critical and 19 high levels of vulnerabilities affecting the Android framework and system.

Critical

  • CVE-2022-40510, CVE-2023-35658, CVE-2023-35673, CVE-2023-35681

High

  • CVE-2020-29374, CVE-2023-20780, CVE-2023-21626, CVE-2023-35669, CVE-2023-35674, CVE-2023-35676, CVE-2023-35687, CVE-2023-35675, CVE-2023-35679, CVE-2023-35666, CVE-2023-35667, CVE-2023-35670, CVE-2023-35682, CVE-2023-35684, CVE-2023-35671, CVE-2023-35683, CVE-2023-35677, CVE-2023-21135, CVE-2023-21118

Moderate

  • None

Already included in previous updates

  • None

Not applicable to Samsung devices

  • CVE-2022-34830, CVE-2023-21264, CVE-2023-28537, CVE-2023-22666, CVE-2023-28555, CVE-2023-35665, CVE-2023-35664, CVE-2023-35680

One UI Patch Details

In addition to the Android patch, the September 2023 patch details include 35 Samsung Vulnerabilities and Exposures (SVE) items that are specific to Samsung devices. These items address various security issues in the device firmware, software, and applications.

The September 2023 Bulletin contains the following SVE items:

  • SVE-2022-0857(CVE-2023-30706): Improper authorization in Samsung Keyboard
  • SVE-2022-1724(CVE-2023-30707): Improper input validation in Samsung Keyboard
  • SVE-2022-2628(CVE-2023-30708): Improper authentication in SecSettings
  • SVE-2023-0622(CVE-2023-30709): Improper access control in Dual Messenger
  • SVE-2023-0642(CVE-2023-30710): Improper input validation vulnerability in Knox AI
  • SVE-2023-0811(CVE-2023-30711): Improper authentication in Phone and Messaging Storage
  • SVE-2023-0871(CVE-2023-30712): Launch anywhere vulnerability in Settings Suggestions
  • SVE-2023-0941(CVE-2023-30713): Improper privilege management in One UI Home
  • SVE-2023-0942(CVE-2023-30714): Improper authorization in One UI Home
  • SVE-2023-0949(CVE-2023-30715): Improper access control vulnerability in Weather
  • SVE-2023-0954(CVE-2023-30716): Improper access control vulnerability in SVCAgent
  • SVE-2023-0963(CVE-2023-30717): Sensitive information exposure vulnerability in SVCAgent
  • SVE-2023-0993(CVE-2023-30718): Improper export of Android application components in WifiApAutoHotspotEnablingActivity
  • SVE-2023-1027(CVE-2023-30719): Exposure of Sensitive Information vulnerability in InboundSmsHandler
  • SVE-2023-1028(CVE-2023-30720): PendingIntent hijacking in LmsAssemblyTrackerCTC
  • SVE-2023-1059(CVE-2023-30721): Insertion of sensitive information into log vulnerability in Locksettings
Related Topics:
Exit mobile version