Over the past couple of months, Samsung was laser-focused on releasing the Android 13 update to its smartphones and tablets. Hence, it delayed the release of the December 2022 security patch by a few days. Usually, it releases a month's security patch even before the month starts, but that wasn't the case with the December 2022 security update.
Samsung released the December 2022 security patch today, starting with the Galaxy S20, Galaxy S20+, and the Galaxy S20 Ultra. Over the next few weeks, the South Korean firm will release the December patch to all its eligible smartphones and tablets. According to the company's documentation, the latest security patch includes fixes for 93 security vulnerabilities. Of these, 67 affect almost all Android devices, while the rest are only found in Samsung's Galaxy smartphones and tablets.
Of the vulnerabilities fixed by Samsung's December 2022 security patch, five are marked as critical and 63 are marked as ‘high’ priority. Twelve vulnerabilities from the list are marked as ‘moderate’ in Samsung’s monthly security bulletin.
Most of these vulnerabilities affect Samsung smartphones and tablets running Android 10, Android 11, and Android 12, while some vulnerabilities are present in Galaxy devices running Android 13. The vulnerabilities described by Samsung include the ability to initiate calls and improper access to messages, the Settings app, and IMEI and other information (in phones with Exynos chips). Some devices with Exynos chips also allowed a remote attacker to disable network traffic encryption.
Galaxy phones and tablets running Android 13 were also affected by a security loophole in RCS (Rich Communications System) that allowed attackers to access an incoming call's phone number. Another vulnerability was present in Samsung's decoding library for video thumbnails, allowing attackers to perform an out-of-bounds write. Another vulnerability allowed an attacker to access the contents of toast notifications in the Secure Folder via the Nice Catch app.
The other vulnerabilities fixed by Samsung's new security patch include kernel information access in devices with Qualcomm chips, improper access to data in the Contacts app, and the ability to access information from the Phone app via an implicit intent. Samsung claims that all these bugs have been properly fixed. You can read more about these vulnerabilities on Google's and Samsung's security bulletin websites.