Last week, Samsung started rolling out the November 2022 security update to Galaxy smartphones and tablets. The update has reached a few high-end smartphones, including the Galaxy Z Flip 3, Galaxy Z Flip 4, Galaxy Z Fold 3, and Galaxy Z Fold 4. Now, the company has revealed what it has fixed with the new security patch.
According to Samsung's documentation, the November 2022 security patch fixes 46 security vulnerabilities. Three of those are critical, while 32 are marked as high priority. The new patch includes a fix for one moderate vulnerability and ten vulnerabilities specific to Samsung's Galaxy phones and tablets.
The company said that two security bug fixes that Google released in its November 2022 security bulletin were already included in Samsung's October 2022 security patch. The newest security update also includes 15 additional fixes that do not apply to Galaxy devices.
The vulnerabilities in Samsung devices include improper access control for proxy information, the configuration of EDM settings, and device information (via IpcRxServiceModeBigDataInfo in RIL and BootCompletedReceiver_CMCC in DeviceManagement). Samsung has also fixed security issues in Exynos modems and in the CallBGProvider, as well as improper input validation in the DualOutFocusViewer function.
Another vulnerability allowed attackers to access call information from a Galaxy phone or tablet. Other security vulnerabilities included the ability to execute arbitrary code through a heap overflow in the sflacf_fal_bytes_peek function in libsmat.so. Another bug allowed attackers to access privileged APIs using the StorageManagerService function.