Samsung revealed One UI September 2023 security patch details

Samsung officially revealed the September 2023 Android security patch details, showing the fixes and improvements the latest One UI update carries for Galaxy devices. The company has already started delivering the latest security patch to Galaxy S23 Beta users, and the rollout will expand to more consumers soon.

As per the shared details, the September 2023 One UI security patch addresses a total of 58 vulnerabilities and exposures that were affecting the devices’ security and their users’ privacy. Of these, 4 CVEs are rated Critical and 19 CVEs are rated High, while no Moderate-level CVEs were fixed.

In addition, there are 35 Galaxy-specific vulnerability fixes for issues affecting various One UI apps and services such as Samsung Keyboard, the Phone app, One UI Home, and more.

You can check out all the Common Vulnerabilities and Exposures (CVEs) from Google’s Android security bulletin and Samsung’s Vulnerabilities and Exposures (SVEs) for Galaxy devices below:

CVEs

Google’s Android Security Bulletin for September 2023 contains 4 Critical and 19 High severity vulnerabilities affecting the Android framework and system.

Critical

  • CVE-2022-40510, CVE-2023-35658, CVE-2023-35673, CVE-2023-35681

High

  • CVE-2020-29374, CVE-2023-20780, CVE-2023-21626, CVE-2023-35669, CVE-2023-35674, CVE-2023-35676, CVE-2023-35687, CVE-2023-35675, CVE-2023-35679, CVE-2023-35666, CVE-2023-35667, CVE-2023-35670, CVE-2023-35682, CVE-2023-35684, CVE-2023-35671, CVE-2023-35683, CVE-2023-35677, CVE-2023-21135, CVE-2023-21118

Moderate

  • None

Already included in previous updates

  • None

Not applicable to Samsung devices

  • CVE-2022-34830, CVE-2023-21264, CVE-2023-28537, CVE-2023-22666, CVE-2023-28555, CVE-2023-35665, CVE-2023-35664, CVE-2023-35680

SVEs

In addition to the Android patch, the September 2023 patch details include 35 Samsung Vulnerabilities and Exposures (SVE) items that are specific to Samsung devices. These items address various security issues in the device firmware, software, and applications.

The September 2023 Bulletin contains the following SVE items:

  • SVE-2022-0857(CVE-2023-30706): Improper authorization in Samsung Keyboard
  • SVE-2022-1724(CVE-2023-30707): Improper input validation in Samsung Keyboard
  • SVE-2022-2628(CVE-2023-30708): Improper authentication in SecSettings
  • SVE-2023-0622(CVE-2023-30709): Improper access control in Dual Messenger
  • SVE-2023-0642(CVE-2023-30710): Improper input validation vulnerability in Knox AI
  • SVE-2023-0811(CVE-2023-30711): Improper authentication in Phone and Messaging Storage
  • SVE-2023-0871(CVE-2023-30712): Launch anywhere vulnerability in Settings Suggestions
  • SVE-2023-0941(CVE-2023-30713): Improper privilege management in One UI Home
  • SVE-2023-0942(CVE-2023-30714): Improper authorization in One UI Home
  • SVE-2023-0949(CVE-2023-30715): Improper access control vulnerability in Weather
  • SVE-2023-0954(CVE-2023-30716): Improper access control vulnerability in SVCAgent
  • SVE-2023-0963(CVE-2023-30717): Sensitive information exposure vulnerability in SVCAgent
  • SVE-2023-0993(CVE-2023-30718): Improper export of Android application components in WifiApAutoHotspotEnablingActivity
  • SVE-2023-1027(CVE-2023-30719): Exposure of Sensitive Information vulnerability in InboundSmsHandler
  • SVE-2023-1028(CVE-2023-30720): PendingIntent hijacking in LmsAssemblyTrackerCTC
  • SVE-2023-1059(CVE-2023-30721): Insertion of sensitive information into log vulnerability in Lock settings
