Newsletter
The July 2023 security update for Samsung Galaxy devices is one of the biggest releases in recent times. The company’s security updates tracker reveals that the latest SMR (Security Maintenance Release) contains as many as 90 vulnerability patches. As usual, the majority of those are part of Google’s July ASB (Android Security Bulletin), but there are many Galaxy-specific patches as well.
According to Samsung, the July SMR for Galaxy devices patches three critical Android OS issues. The patches come from Google or the vendor of the compromised component. These security issues could lead to remote code execution without the attacker needing additional execution privileges. Threat actors could exploit the issues to remotely control an affected Android device without the user’s knowledge.
Additionally, Google’s latest ASB contains about 50 other vulnerability patches classified as “high” severity security issues by the company. These could lead to local escalation of privileges, among other potential exploitations. The July SMR safeguards Samsung’s Android-powered devices against these vulnerabilities. Some of the new ASB patches don’t apply to Samsung products, though.
Meanwhile, the Korean firm has patched no less than 38 Galaxy-specific security issues this month. Called Samsung Vulnerabilities and Exposures (SVE), these flaws don’t exist on Android products from other brands. As expected, the company hasn’t detailed them all to avoid potential exploitation before users can install the latest security update. The majority of SVE items patched this month appear to be “moderate” and “high” severity issues.
Among those are a few flaws in the Radio Interface Layer (RILD) that allow attackers to execute arbitrary code. Samsung also fixed an issue with the Galaxy Themes Service that enabled local attackers to delete arbitrary non-preloaded apps. Additionally, the company patched an improper access control vulnerability in Settings that paved the way for a physical attacker to use a restricted user profile to access the device owner’s Google account data.
The July security update is already available for the Galaxy S23 and other devices
Samsung may have just detailed the content of the July SMR for Galaxy devices, but it has already rolled out the latest security patch to a few models. The Galaxy S23 series got it first, followed by the Galaxy S22 series. The company also recently pushed the update to the Galaxy A53 5G. More eligible models will pick up the new security patch in the coming days. We will keep you posted with all of those releases.