Samsung Details June 2022 Security Patches: Vulnerabilities Fixed and Supported Models


In recent years Samsung has proven very active in delivering software updates for its smartphones on the market, especially security updates. Monthly patches are known to be distributed promptly, often even before the month they are named for.

The June 2022 Android security patches were no exception: Samsung began distributing them a couple of weeks ago, that is, at the end of May.

The South Korean manufacturer uses the term Security Maintenance Release (SMR) for its security updates. These software updates always consist of two parts: Google’s monthly security patches for the Android operating system and the patches handled specifically by Samsung.

In recent hours Samsung has also detailed what the update contains: in total there are 65 fixes, 4 of them for critical vulnerabilities, 14 for high-risk vulnerabilities, and 13 for moderate-risk vulnerabilities. Of these 65 fixes, 48 were provided by Google because the issues were found at the Android system level, while Samsung implemented the rest because the issues were found at the One UI level.

Moving on to the second part of the May 2022 update, the one specific to Samsung devices, the manufacturer lists fixes for as many as 32 Samsung Vulnerabilities and Exposures (SVE). Here are the most relevant ones:

  • SVE-2021-23082(CVE-2022-28794): Sensitive information exposure in low battery dumpstate log.
  • SVE-2021-24033(CVE-2022-30709): Improper input validation check logic in SECRIL.
  • SVE-2022-0092(CVE-2022-30710, CVE-2022-30711, CVE-2022-30712, CVE-2022-30713): Improper validation in RemoteViews, FeedsInfo, KfaOptions and LSOItemData.
  • SVE-2022-0100(CVE-2022-30714): Information exposure vulnerability in SemIWCMonitor.
  • SVE-2022-0138(CVE-2022-30715): Improper access control vulnerability in DofViewer.
  • SVE-2022-0254(CVE-2022-30716): Unprotected broadcast in DisplayToast.
  • SVE-2022-0258(CVE-2022-30717): Improper caller check in AR Emoji.
  • SVE-2022-0392(CVE-2022-30719): Improper input validation check logic in libsmkvextractor.
  • SVE-2022-0393(CVE-2022-30720): Improper input validation check logic in libsmkvextractor.
  • SVE-2022-0412(CVE-2022-30721): Improper input validation check logic in libsmkvextractor.
  • SVE-2022-0507(CVE-2022-30722): Bypass of Samsung Account confirmation via hijacking implicit intent.
  • SVE-2022-0526, SVE-2022-0534, and SVE-2022-0535(CVE-2022-30723, CVE-2022-30724, CVE-2022-30725): Leak of MAC address of connected Bluetooth device.
  • SVE-2022-0691(CVE-2022-30726): Unprotected component vulnerability in SecSettingsIntelligence.
  • SVE-2022-0793(CVE-2022-30727): Improper handling of insufficient permissions in PersonaManagerService.
  • SVE-2022-1203(CVE-2022-30728): Information exposure vulnerability in ScanPool.
  • SVE-2022-0504(CVE-2022-30729): Hijacking of Wi-Fi SSID and password in Settings.

For more details on all 32 manufacturer-specific fixes, you can refer to Samsung’s official website at this link.

The June security patches are being deployed to all Samsung models covered by the monthly update program. Timing can of course vary considerably depending on your smartphone model and your region.

Samsung models that will receive the June 2022 security patches

Not all Samsung-branded devices will receive the June 2022 Security Maintenance Release, but the recipients are still numerous. The manufacturer’s website publishes the list of models that receive monthly updates, which includes:

  • Galaxy Fold, Galaxy Fold 5G, Galaxy Z Fold2, Galaxy Z Fold2 5G, Galaxy Z Fold3 5G, Galaxy Z Flip, Galaxy Z Flip 5G, Galaxy Z Flip3 5G
  • Galaxy S10 Lite
  • Galaxy S20, Galaxy S20 5G, Galaxy S20+, Galaxy S20+ 5G, Galaxy S20 Ultra, Galaxy S20 Ultra 5G, Galaxy S20 FE, Galaxy S20 FE 5G, Galaxy S21 5G, Galaxy S21+ 5G, Galaxy S21 Ultra 5G, Galaxy S21 FE 5G, Galaxy S22, Galaxy S22+, Galaxy S22 Ultra
  • Galaxy Note10, Galaxy Note10 5G, Galaxy Note10+, Galaxy Note10+ 5G, Galaxy Note10 Lite, Galaxy Note20, Galaxy Note20 5G, Galaxy Note20 Ultra, Galaxy Note20 Ultra 5G
  • Enterprise Models: Galaxy A52, Galaxy A52 5G, Galaxy A52s 5G, Galaxy A53 5G, Galaxy XCover4s, Galaxy Xcover FieldPro, Galaxy Xcover Pro, Galaxy Xcover5

To these must be added other smartphones and tablets from the other official lists: some devices with quarterly updates (such as Samsung Galaxy Tab S7 FE, Samsung Galaxy S10, Galaxy S10+ and Galaxy S10e), others with semi-annual updates, and wearables (currently only Samsung Galaxy Watch4 and Samsung Galaxy Watch4 Classic are listed). Full lists are available on the official website at this link.
