Updates
Samsung January 2023 update patches 20 dangerous SVEs as well
Today, Samsung released the January 2023 security patch details for Galaxy devices. Alongside the Android patches by Google, Samsung patches 20 SVEs through the January 2023 update. This complete security OTA package ensures Galaxy customers’ confidence in security.
The South Korean tech giant disclosed that the “SMR January 2023 Release 1” comes with all patches from Samsung and Google. Since the company already patched some SVEs with previous firmware updates, those may not be included in this latest package.
It’s worth mentioning that the January 2022 patch brings fixes for 52 high-severity CVEs for Android devices. Google has not listed any critical- or moderate-severity CVEs in its Android security bulletin, which applies to Samsung devices as well.
Samsung January 2023 patches
Below, you can check which SVE items are patched by the January 2023 software update on Samsung devices. The details include the assigned identifier (CVE/SVE) of the threat, severity level, affected Android versions, report date, disclosure status, and impact prior to disclosure.
1. SVE-2022-2537(CVE-2023-21430): An out-of-bound read vulnerability in libSDKRecognitionText.spensdk.samsung.so library
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: October 24, 2022
- Disclosure status: Privately disclosed
- An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Jan-2023 Release 1 allows attacker to cause memory access fault.
- The patch adds proper boundary check logic to prevent out-of-bound access.
2. SVE-2022-2338(CVE-2023-21429): Implicit intent hijacking vulnerability in ePDG
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: September 20, 2022
- Disclosure status: Privately disclosed
- Improper usage of implicit intent in ePDG prior to SMR Jan-2023 Release 1 allows attacker to access SSID.
- The patch changes the implicit intent to explicit intent.
3. SVE-2022-2320(CVE-2023-21428): Improper input validation vulnerability in TelephonyUI
- Severity: Moderate
- Affected versions: R(11), S(12), T(13)
- Reported on: September 19, 2022
- Disclosure status: Privately disclosed
- Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call.
- The patch removes unused code.
4. SVE-2022-2280(CVE-2023-21427): Improper access control vulnerabilities in NfcTile
- Severity: Moderate
- Affected versions: R(11), S(12), T(13)
- Reported on: September 15, 2022
- Disclosure status: Privately disclosed
- Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows attacker to use NFC without user recognition.
- The patch adds proper permission in NfcTile to prevent unauthorized access.
5. SVE-2022-2278(CVE-2023-21426): Hardcoded encryption key vulnerability in NFC
- Severity: Moderate
- Affected versions: Select Q(10) devices
- Reported on: September 15, 2022
- Disclosure status: Privately disclosed
- Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.
- The patch adds proper usage of random private key API to prevent key exposure.
6. SVE-2022-2261(CVE-2023-21425): Improper access control vulnerability in telecom application
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: September 15, 2022
- Disclosure status: Privately disclosed
- Improper access control vulnerability in telecom application prior to SMR Jan-2023 Release 1 allows local attackers to get sensitive information.
- The patch adds proper access control logic to prevent sensitive information leakage.
7. SVE-2022-2118(CVE-2023-21424): Improper Authorization vulnerability in SemChameleonHelper
- Severity: Moderate
- Affected versions: R(11), S(12), T(13)
- Reported on: September 3, 2022
- Disclosure status: Privately disclosed
- Improper handling of insufficient permissions or privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.
- The patch restricts privilege of the app that calls SemChameleonHelper in Telephony.
8. SVE-2022-1967(CVE-2023-21423): Improper authorization vulnerability in ChnFileShareKit
- Severity: Moderate
- Affected versions: S(12), T(13)
- Reported on: August 17, 2022
- Disclosure status: Privately disclosed
- Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.
- The patch adds proper permission.
9. SVE-2022-1931(CVE-2023-21422): Improper authorization vulnerability in WifiService
- Severity: Moderate
- Affected versions: R(11), S(12)
- Reported on: August 14, 2022
- Disclosure status: Privately disclosed
- Improper authorization vulnerability in semAddPublicDnsAddr in WifiService prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService.
- The patch adds permission check logic when calling the service API.
10. SVE-2022-1672(CVE-2023-21421): Improper Handling of Insufficient Permissions or Privileges vulnerability in Knox Service
- Severity: Moderate
- Affected versions: Q(10), R(11), S(12), T(13)
- Reported on: July 14, 2022
- Disclosure status: Privately disclosed
- Improper handling of insufficient permissions or privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.
- The patch adds proper signature check in KnoxCustomManagerService to prevent unauthorized access.
11. SVE-2022-1364(CVE-2023-21420): Use of Externally-Controlled Format String vulnerabilities in STST TA
- Severity: High
- Affected versions: Q(10), R(11) devices with Teegris
- Reported on: June 3, 2022
- Disclosure status: Privately disclosed
- Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.
- The patch restricts the triggering for the print of externally controlled format string code.
12. SVE-2022-0471(CVE-2023-21419): A vulnerability in Secure Folder
- Severity: Moderate
- Affected versions: S(12)
- Reported on: February 28, 2022
- Disclosure status: Privately disclosed
- An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container to remain unlocked under certain conditions.
- The patch adds a restriction that locks the SecureFolder container when PIP is closed.
Updates
Samsung Galaxy S20 gets March 2023 security update in the US
The March 2023 security update is now rolling out for Samsung Galaxy S20, Galaxy S20 Plus, and Galaxy S20 Ultra smartphones in the US. The latest update installs an Android patch to enhance security.
Samsung Galaxy S20 smartphones already received the March 2023 update in selected European countries such as Germany. Now, the update is available for carrier-unlocked Galaxy S20 variants in the US, and the company will soon expand it to carrier-locked ones.
The latest update for Galaxy S20, Galaxy S20 Plus, and Galaxy S20 Ultra smartphones in the US can be identified via One UI build versions G981U1UES3HWB5, G986U1UES3HWB5, and G988U1UES3HWB5 respectively.
March 2023 Security Update Details:
Samsung’s March 2023 security patch brings the Google patches listed in the Android security bulletin. For your Galaxy S20, the document lists a number of Common Vulnerabilities and Exposures (CVEs), including:
- Critical – 5
- High – 35
- Moderate – 0
- Already fixed – 4
- Not applicable – 5
That is not all: the firmware also comes with 23 SVE (Samsung Vulnerabilities and Exposures) items. With both CVE and SVE items, the company ensures the best possible security on Galaxy devices.
How to Update:
First, open your system Settings, scroll down, and tap the Software update tab. From there, tap the Download and install button so your smartphone can connect to Samsung’s software server and detect a new build online. Follow the on-screen instructions to install the update.
Updates
Carrier-unlocked Samsung Galaxy S23 grabs March 2023 update
Samsung rolled out the March 2023 update for the Galaxy S23 series in several countries including France, Germany, UK, and India. Now, the company is pushing the March 2023 security update for Samsung Galaxy S23 smartphones in the US.
The latest update enhances the security of the Galaxy S23 devices as well as enhances stability to provide better performance. It is a regular update so it does not carry much more than the monthly security maintenance.
According to official details, the March 2023 security patch brings fixes for a bundle of security bugs in Android OS to provide seamless, error-free performance. This update fixes 60 vulnerabilities, which include 23 Galaxy-specific Samsung Vulnerabilities and Exposures.
The March 2023 security update is rolling out for carrier-unlocked Galaxy S23, Galaxy S23 Plus, and Galaxy S23 Ultra variants in the US. The carrier-locked variants of Galaxy S23 will soon receive this monthly update.
Latest Firmware:
- Galaxy S23 – S911U1UES1AWBM
- Galaxy S23 Plus – S916U1UES1AWBM
- Galaxy S23 Ultra – S918U1UES1AWBM
The installation package size of the latest update is 383.01 MB. You can download and install it by following a few steps: open your device Settings, tap the Software Update option, and then tap the Download and install option. Follow the on-screen instructions to install the latest update.
According to some reports, Samsung is going to release a major update for the Galaxy S23 series smartphones before the start of April. This major update will bring camera improvements to provide a wonderful Galaxy experience.
Updates
Samsung brings March 2023 update for Galaxy Z Fold 3 and Flip 3 in Europe
Samsung is rolling out the March 2023 Android security patch update for Galaxy Z Fold 3 and Galaxy Z Flip 3 smartphones in Europe. This update fixes many unwanted issues and further sweetens the One UI 5.1 software.
As per the information, these foldable smartphones are receiving optimizations for system stability. This ensures that you don’t run into any crashing, freezing, or lagging problems while operating the phone.
For security enhancement, the Korean firm has fixed over 60 security-related issues and exposures. These include 5 Critical and 35 High-severity CVEs from Google’s Android operating system and 23 Galaxy-specific SVEs that were affecting One UI apps and services.
Besides these, Samsung does not bring any notable new features or changes with this update. Both foldables recently grabbed the big One UI 5.1 update, and another feature-rich update for them, One UI 5.1.1, is on the way.
Last year, Samsung brought the Android 12L-based One UI 4.1.1 software with a lot of new features to make large screens easy to use. A similar update is coming this year as well, but there is no sign of Android 13L so far. It seems like One UI 5.1.1 will also rely on Android 13.
Moreover, the company is expected to introduce the Galaxy Z Fold 5 and Galaxy Z Flip 5 smartphones with Android 13-based One UI 5.1.1 software out of the box. The next-gen foldable phones may debut in August this year, whereas One UI 5.1.1 may be available for older Galaxy devices a month after launch.
Software version:
You can verify the March 2023 software update for your Samsung Galaxy Fold 3 or Galaxy Z Flip 3 in Europe with One UI version:
- Fold 3 – F926BXXS3EWB5
- Flip 3 – F711BXXS4EWB5
Meanwhile, to get access to it, visit your phone’s Settings, go to the Software update section, and then tap the Download and install option.