What you should know
- The first security update of 2024 has been released for certain flagship Samsung Galaxy phones, including the Galaxy S23, S22, and S21 series.
- The updates, which are around 400MB in size, include a patch for a critical vulnerability (CVE-2022-40507), 67 high-priority patches, six moderate-priority patches, and one patch that was included in a previous update.
- One of the patches fixes an issue that could have allowed an attacker to access a user’s personal information via the phone’s “Notification service”. This vulnerability affected Galaxy devices running Android 11 to Android 14.
- Another patch fixes a bug that could have allowed an attacker to pair a device with a Galaxy phone using Bluetooth without the device user’s knowledge or consent. Additionally, the update addresses an issue that could have allowed Samsung DeX users in a multi-user environment to access other users’ notifications.
- It is unclear whether the January security update has restored Samsung’s burn-in screen protection feature, which was previously removed but was expected to return in January.
Full Story
Happy New Year, Samsung Galaxy owners! If you’re sporting a flagship model, you’ve got the first security update of 2024 in your pocket. We’re talking about the Galaxy S23 series, which got a firmware upgrade to version S91xBXXS3BWL3. And let’s not forget the Galaxy S22 models, which received firmware version S90xBXXS7DWL3.
Now, if you’re a Galaxy S21 user, you’re not left out. Your device should have received firmware version G99xBXXS9FWL9. These updates aren’t lightweight either, tipping the scales at around 400MB.
And hey, if you’re eyeing the Samsung Galaxy S24 model, you might want to hurry. Time’s running out to reserve it and snag $50 in Samsung Credit.
According to Samsung’s Security Updates webpage, the update patched up a vulnerability, CVE-2022-40507. Samsung’s labeled this one as “Critical.” They didn’t stop there, though. They rolled out 67 patches to fix vulnerabilities listed as high priority.
Six vulnerabilities got tagged as moderate-priority. And one? Well, that one was part of a previous security update.
One of the patches fixed an issue with the phones’ “Notification service.” Without it, an attacker could have swiped the user’s personal information. Scary stuff, right? This vulnerability affected Galaxy devices running Android 11 to Android 14.
A different patch squashed a bug that could have let an attacker pair a device with a targeted Galaxy phone. The scary part? The device user wouldn’t have had to do anything.
The Galaxy S23 and last year’s flagship series got the January security update. The update also fixed a potential issue for Samsung DeX users in a multi-user environment. It could have allowed them to access notifications from other users.
Now, there’s a bit of uncertainty about whether the January security update brought back Samsung’s burn-in screen protection. Samsung said this feature would return in January during the next update after being removed. This feature subtly shifts the screen pixels to prevent screen burn-in.
Other devices getting the January Samsung Mobile Security Update include the Galaxy S23, Galaxy S22, and Galaxy S21.
If your phone hasn’t automatically installed the update, don’t sweat it. You can do it manually by going to Settings > Software update. These updates aren’t just for Android vulnerabilities. They’re also specific to Samsung Galaxy devices.
