January 2023 update fixes Samsung Knox and Secure Folder flaws

Samsung has released the January 2023 security patch onto a few Galaxy phones, starting with the Galaxy Note 10. The company has now published the changelog for the first security maintenance release of the year, detailing numerous fixes for Android OS and Samsung software.

On the Android side, the January 2023 security patch doesn’t contain any fixes for vulnerabilities marked as “Critical” or “Moderate.” However, it mentions over 50 “High” vulnerabilities that were addressed, along with three CVE items included in previous updates.

Secure Folder vulnerability patched

As usual, Samsung has offered more details for fixes concerning vulnerabilities that affect its own software. An out-of-bound read vulnerability was patched with proper boundary check logic. An improper input validation vulnerability in TelephonyUI that would allow attackers to configure “Preferred Call” was fixed, and the patch removed unused code.

Furthermore, a hardcoded encryption key vulnerability in NFC was fixed by adding proper usage of random private key API to prevent key exposure. And an improper access control vulnerability in telecom applications was fixed with access control logic to prevent sensitive information leaks.

Among other SVEs, the January 2023 security patch also fixes a Knox Service vulnerability concerning Permissions or Privileges. The patch also adds restrictions that lock the Secure Folder container when PIP is closed. In other words, the vulnerability allowed the Secure Folder container to remain unlocked under certain conditions.