Over the past couple of months, Samsung was laser-focused on releasing the Android 13 update to its smartphones and tablets. As a result, it delayed the release of the December 2022 security patch by a few days. Usually, it releases a month’s security patch even before the month begins, but that wasn’t the case with the December 2022 security update.
Samsung released the December 2022 security patch today, starting with the Galaxy S20, Galaxy S20+, and the Galaxy S20 Ultra. Over the next few weeks, the South Korean firm will release the December patch to all its eligible smartphones and tablets. According to the company’s documentation, the latest security patch includes fixes for 93 security vulnerabilities. 67 of these vulnerabilities affect almost all Android devices, while the rest are only found in Samsung’s Galaxy smartphones and tablets.
From the long list of vulnerabilities that are fixed by Samsung’s December 2022 security patch, 5 are marked as critical, while 63 vulnerabilities have been termed as ‘high’ priority. Twelve vulnerabilities from the list are marked as ‘moderate’ in Samsung’s monthly security bulletin.
Most of these vulnerabilities affect Samsung smartphones and tablets running Android 10, Android 11, and Android 12, while some vulnerabilities are present in Galaxy devices running Android 13. Some of the vulnerabilities explained by Samsung include improper access to messages, the ability to initiate calls, the Settings app, and IMEI and other information (in phones with Exynos chips). Some devices with Exynos chips also allowed a remote attacker to disable network traffic encryption.
Galaxy phones and tablets running Android 13 were also affected by a security loophole in RCS (Rich Communication Services) that allows attackers to access an incoming call’s phone number. One of those vulnerabilities was also present in Samsung’s decoding library for video thumbnails, allowing attackers to perform an out-of-bounds write operation. Another vulnerability allowed an attacker to access the contents of toast notifications in the Secure Folder through the Good Catch app.
The other vulnerabilities that were fixed by Samsung’s new security patch include kernel information access in devices with Qualcomm chips, improper access to data in the Contacts app, and the ability to access information from the Phone app through implicit intent. Samsung claims that all these bugs have been properly fixed. You can read more about these vulnerabilities on Google’s and Samsung’s security bulletin websites.