Samsung September 2022 update fixes photo/video editor data theft bugs

Samsung has published the September 2022 security patch details for Galaxy consumers. The release notes explain which CVEs and SVEs are fixed once the latest security update is installed on your Galaxy device. Examining the descriptions in detail, we found a serious bug that could have allowed data to be stolen from your gallery.

According to Samsung, the September 2022 security update includes fixes for SVE-2022-0815, SVE-2022-0706, and SVE-2022-0899. These SVEs allow attackers to obtain sensitive information and access internal application data from the Photo Editor and Video Editor apps.

These Samsung Vulnerabilities and Exposures (SVE) items affect Galaxy devices running Android 10 (One UI 2), Android 11 (One UI 3), and Android 12 (One UI 4). All three of these serious problems were privately disclosed.

While these SVE items relate to the Photo Editor and Video Editor apps, your phone's gallery may also be affected. Both editor apps are part of Samsung Gallery and work as plugins to provide additional functionality.

As of now, Samsung has released the September 2022 security patch for the Galaxy S21 series devices in Europe. In the coming days, other flagships and select mid-range/budget phones will receive the latest security maintenance release, including the fixes mentioned above.

SVE Information

SVE-2022-0815 (CVE-2022-36853)

  • Intent redirection in Photo Editor
    • Severity: Moderate
    • Affected versions: Q(10), R(11), S(12)
    • Reported on: April 1, 2022
    • Disclosure status: Privately disclosed
    • Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive information.
    • The patch adds flag check logic.

SVE-2022-0706 (CVE-2022-36857)

  • Improper Authorization vulnerability in Photo Editor
    • Severity: Moderate
    • Affected versions: R(11) and Photo Editor prior to 3.0.23.43 in S(12)
    • Reported on: March 22, 2022
    • Disclosure status: Privately disclosed
    • Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data.
    • The patch adds the proper validation of the broadcast.

SVE-2022-0899 (CVE-2022-36852)

  • Improper Authorization vulnerability in Video Editor
    • Severity: Moderate
    • Affected versions: R(11), S(12)
    • Reported on: April 12, 2022
    • Disclosure status: Privately disclosed
    • Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows a local attacker to access internal application data.
    • The patch adds the proper validation of the broadcast.
