December 2022 Security Patch by Samsung arrives with loads of bug fixes
Given the past few months, Samsung was keenly focused on releasing the Android 13 updates for its smartphones as well as tablets. Given this reason, the security patch for December 2022 was delayed for some days. Generally, Samsung releases the security patch before the start of the month. But this time the schedule was altered.
As of today, Samsung has introduced the December 2022 security patch. The security patch has started the updates from Galaxy S20, Galaxy S20+, and Galaxy S20 Ultra. In the next few weeks, the December patch will be introduced to all compatible smartphones and tablets by the Korean firm. As per the documentation of the company, the recent security patch fixes 93 security vulnerabilities. Of these 93 security vulnerabilities, 67 affect nearly all Android devices, while the remaining are associated with Samsung’s Galaxy smartphones and tablets.
Among these 93 vulnerabilities, five have been listed as critical. Whereas 63 have been marked as ‘high’ priority. Twelve of them have been ranked as ‘moderate’ as per the monthly security bulletin of Samsung. Most smartphones and tablets running Android 10, Android 11, and Android 12 are affected by these vulnerabilities. However, some of them are also presented in Galaxy devices based on Android 13.
Samsung mentioned that the vulnerabilities consist of the Settings app, the ability to initiate calls, improper access to messages, and IMEI and other information (in phones based on Exynos chips). Some devices running on Exynos chips could even enable a remote attacker to restrict the network traffic encryption.
Furthermore, Galaxy phones and tablets based on Android 13 were reported with a loophole in RCS (Rich Communications System). This loophole allowed the hackers to gain access to the phone number of an incoming call. The decoding library of Samsung also presented one vulnerability for thumbnails of videos. Thus, enabling the attackers to execute an Out-Of-Bounds Write operation. One of the vulnerabilities in the Nice Catch app allowed the attackers to gain access to the contents of toast notifications in the Secure Folder.
Other vulnerabilities addressed with the December 2022 security patch include:
- improper access to data in the Contacts app
- kernel information access in devices with Qualcomm chips
- ability to access information from the Phone app via implicit intent
As per Samsung, all these bugs have been fixed. You can gain further information about these vulnerabilities on Google as well as the security bulletin websites of Samsung.
Research Snipers is currently covering all technology news including Google, Apple, Android, Xiaomi, Huawei, Samsung News, and More. Research Snipers has decade of experience in breaking technology news, covering latest trends in tech news, and recent developments.
