Here is why attacker can take over the whole phone.
💡
Short Term.
SVE : Samsung Vulnerabilities and Exposures.
SMR : Security Maintenance Release.
SVE : Samsung Vulnerabilities and Exposures.
SMR : Security Maintenance Release.
High Severity Issues
- SVE-2023-1694(CVE-2023-42564): Improper access control in knoxcustom service.
- Affected versions: Android 11, 12, 13, 14.
- Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege.
- SVE-2023-1621(CVE-2023-42563): Integer overflow vulnerability in libFacePreProcessingjni.camera.samsung.so .
- Affected versions: Android 12, 13, 14.
- Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.
- SVE-2023-1620(CVE-2023-42562): Integer overflow vulnerability in libFacePreProcessingjni.camera.samsung.so .
- Affected versions: Android 12, 13, 14.
- Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.
- SVE-2023-1480(CVE-2023-42561): Out-of-bounds write vulnerability in bootloader.
- Affected versions: Selected Android 11, 12, 13, 14 Qualcomm devices.
- Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.
- SVE-2023-1452(CVE-2023-42568): Improper access control vulnerability in SmartManagerCN.
- Affected versions: Android 12, 13.
- Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege.
- SVE-2023-1440(CVE-2023-42560): Out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so .
- Affected versions: Android 11, 12, 13, 14.
- Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code.
- SVE-2023-1350(CVE-2023-42567): Improper size check vulnerability in softsimd.
- Affected versions: Android 14.
- Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow.
- SVE-2023-1102(CVE-2023-42566): Out-of-bound write vulnerability in libsavsvc.
- Affected versions: Android 11, 12, 13, 14.
- Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code.
- SVE-2023-1003(CVE-2023-42565): Improper input validation vulnerability in Smart Clip.
- Affected versions: Android 13, 14.
- Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code.
Moderate Severity Issues
- SVE-2023-1700(CVE-2023-42570): Improper access control vulnerability in KnoxCustomManagerService.
- Affected versions: Android 11, 12, 13, 14.
- Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN.
- SVE-2023-1430(CVE-2023-42559): Improper exception management vulnerability in Knox Guard.
- Affected versions: Android 11, 12, 13, 14.
- Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.
ℹ️
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process.
SMR Dec-2023 Release 1 includes all patches from Samsung and Google including above mentioned issues.
SMR Dec-2023 Release 1 includes all patches from Samsung and Google including above mentioned issues.
ℹ️
Users of Samsung Galaxy phones are advised to promptly update their device's operating system (OS) and firmware.