Updates
Samsung January 2023 update patches 20 dangerous SVEs as well
Today, Samsung released the January 2023 security patch details for Galaxy devices. Alongside the Andorid patches by Google, Samsung patches 20 SVEs through the January 2023 update. This complete security OTA package ensures Galaxy customers’ confidence in security.
Follow Sammy Fans on Google News
The South Korean tech giant disclosed that the “SMR January 2023 Release 1” comes with all patches from Samsung and Google. Since the company already patched some SVEs with previous firmware updates, those may not be included in this latest package.
Join Sammy Fans on Telegram
It’s worth mentioning that the January 2022 patch brings fixes for 52 high levels of CVEs for Android devices. Google has not listed any critical or moderate level of CVE in its Android security bulletin, which is applicable on Samsung devices as well.
Samsung January 2023 patches
Below, you can check what SVE items are getting patched with the January 2023 software update on Samsung devices. The details include the given identity (CVE/SVE) of the threat, severity level, affected Android versions, report date, disclosure status and impact prior disclosure.
1. SVE-2022-2537(CVE-2023-21430): An out-of-bound read vulnerability in libSDKRecognitionText.spensdk.samsung.so library
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: October 24, 2022
- Disclosure status: Privately disclosed
- An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Jan-2023 Release 1 allows attacker to cause memory access fault.
- The patch adds proper boundary check logic to prevent out-of-bound access.
2. SVE-2022-2338(CVE-2023-21429): Implicit intent hijacking vulnerability in ePDG
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: September 20, 2022
- Disclosure status: Privately disclosed
- Improper usage of implicit intent in ePDG prior to SMR Jan-2023 Release 1 allows attacker to access SSID.
- The patch change the implicit intent to explicit intent.
3. SVE-2022-2320(CVE-2023-21428): Improper input validation vulnerability in TelephonyUI
- Severity: Moderate
- Affected versions: R(11), S(12), T(13)
- Reported on: September 19, 2022
- Disclosure status: Privately disclosed
- Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call.
- The patch removes unused code.
4. SVE-2022-2280(CVE-2023-21427): Improper access control vulnerabilities in NfcTile
- Severity: Moderate
- Affected versions: R(11), S(12), T(13)
- Reported on: September 15, 2022
- Disclosure status: Privately disclosed
- Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition.
- The patch adds proper permission in NfcTile to prevent unauthorized access.
5. SVE-2022-2278(CVE-2023-21426): Hardcoded encryption key vulnerability in NFC
- Severity: Moderate
- Affected versions: Select Q(10) devices
- Reported on: September 15, 2022
- Disclosure status: Privately disclosed
- Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.
- The patch adds proper usage of random private key api to prevent key exposure.
6. SVE-2022-2261(CVE-2023-21425): Improper access control vulnerability in telecom application
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: September 15, 2022
- Disclosure status: Privately disclosed
- Improper access control vulnerability in telecom application prior to SMR Jan-2023 Release 1 allows local attackers to get sensitive information.
- The patch adds proper access control logic to prevent sensitive information leakage.
7. SVE-2022-2118(CVE-2023-21424): Improper Authorization vulnerability in SemChameleonHelper
- Severity: Moderate
- Affected versions: R(11), S(12), T(13)
- Reported on: September 3, 2022
- Disclosure status: Privately disclosed
- Improper handling of insufficient permissions or privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.
- The patch restricts privilege of the app that calls SemChameleonHelper in Telephony.
8. SVE-2022-1967(CVE-2023-21423): Improper authorization vulnerability in ChnFileShareKit
- Severity: Moderate
- Affected versions: S(12), T(13)
- Reported on: August 17, 2022
- Disclosure status: Privately disclosed
- Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.
- The patch adds proper permission.
9. SVE-2022-1931(CVE-2023-21422): Improper authorization vulnerability in WifiSevice
- Severity: Moderate
- Affected versions: R(11), S(12)
- Reported on: August 14, 2022
- Disclosure status: Privately disclosed
- Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService.
- The patch adds permission check logic when call the service API.
10. SVE-2022-1672(CVE-2023-21421): Improper Handling of Insufficient Permissions or Privileges vulnerability in Knox Service
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: July 14, 2022
- Disclosure status: Privately disclosed
- Improper handling of insufficient permissions or privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.
- The patch adds proper signature check in KnoxCustomManagerService to prevent unauthorized access.
11. SVE-2022-1364(CVE-2023-21420): Use of Externally-Controlled Format String vulnerabilities in STST TA
- Severity: High
- Affected versions: Q(10), R(11) devices with Teegris
- Reported on: June 3, 2022
- Disclosure status: Privately disclosed
- Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.
- The patch restricts the triggering for the print of externally controlled format string code.
12. SVE-2022-0471(CVE-2023-21419): A vulnerability in Secure Folder
- Severity: Moderate
- Affected versions: S(12)
- Reported on: February 28, 2022
- Disclosure status: Privately disclosed
- An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition.
- The patch adds restriction that lock the SecureFolder container when PIP is closed.
Samsung has released a new update with the November 2024 security patch for Galaxy Z Flip 5 and Galaxy Z Fold 5 smartphones. The update is available for users in Korea and the company will soon expand it to more countries.
November 2024 security update for Samsung Galaxy Z Flip 5 and Galaxy Z Fold 5 smartphones F731NKSU4DXK8 and F946NKSU4DXK8 respectively. It is an initial rollout so it may take some hours or days to reach all models.
The fresh security patch fixes 52 vulnerabilities in Android and Samsung software. Google has patched 38 high-level issues, and one CVE doesn’t apply to Galaxy devices. Samsung has also addressed 13 issues, including bugs related to multiple users, Dex Mode, Galaxy Watch, and Settings.
This update improves security and device performance by bringing bug fixes and enhancements. Overall, users will get smoother performance after installing the update.
If you have received the notification of the update then install it now to get a bug-free experience. You can also check the update by visiting the Settings app on your smartphone and opening the Software Update section.
Now, click on the Download and Install option. If any update is available, you can follow the on-screen instructions to install the update on your Galaxy smartphone.
These foldable smartphones are currently running Android 14 based One UI 6.1.1. It will get the major One UI 7 based on the Android 15 update next year, after the Samsung Galaxy S25 series launch.
November 2024 Update Plan: Samsung offers security patches for over 140 Galaxy devices
Samsung recently announced the One UI 6 Watch rollout for older Galaxy watches. Now, the company has started rolling out the November 2024 security update for Samsung Galaxy Watch 7.
November 2024 security update for the Samsung Galaxy Watch 7 is currently live for users in Korea and the company will soon expand it to more countries. This update arrives with build version L310XXU1AXK6 and an installation package size of 245.62MB.
The fresh update improves the stability of the Galaxy Watch 7 to provide a more reliable performance. It brings some improvements to make the device more secure and stable. Also, it installs the latest Android security patch release in November 2024 for better security.
By fixing existing issues and enhancing performance, Samsung aims to deliver a smoother and more dependable user experience. Although the update does not introduce new features or changes, it provides a better and smoother performance.
Samsung recommends Galaxy Watch 7 users install this update to take advantage of the enhanced system stability. By keeping the device updated, users can get benefits from the new feature and enhanced security.
To install the update, users need to connect their Galaxy Watch 7 to a smartphone via the Galaxy Wearable app. From there, navigate to Watch Settings, select Watch Software Update, and choose the Download and Install option.
Samsung reveals what One UI 6 Watch update brings to Galaxy Watch
Samsung Galaxy A53 and Galaxy A23 users are receiving a November 2024 security update on the Verizon network carrier in the US. The update is rolling out for locked models, and other carriers could get this update in the coming days or weeks.
Users of the Samsung Galaxy A53 and Galaxy A23 smartphones can verify the November 2024 security update via One UI builds given below:
- Galaxy A53 – A536VSQSEEXJA
- Galaxy A23 – A236VSQS7DXJ5
November 2024 Security Patch Details
November 2024 security update addresses 52 vulnerabilities across Android and Samsung’s software. Google has resolved 38 high-priority issues, while one CVE is not relevant to Galaxy devices.
Samsung’s patches include fixes for 13 vulnerabilities, primarily impacting user profiles, Dex Mode, Galaxy Watch, and certain system features like Settings and Maintenance Mode. This update enhances both the security and performance of Galaxy devices.
How to Update:
Samsung users can check new software updates manually with a handful of simple steps. Firstly, visit your Galaxy device’s “System Settings,” once done, scroll down and tap the “Software update” tab, followed by the “Download and install” button.
One UI 7
One UI 7 Beta update was announced to be released at the end of the year, with plans to stable release in early 2025 along with the Samsung Galaxy S25 series. Reports claim that the Beta Program is about to start in the coming days for the Galaxy S24 series.