Samsung revealed the contents of the January Security Patch which it started pushing out on Tuesday for unlocked variants of select Android devices. As expected, the new update contains all of the latest patches from Google, as well as Samsung's own additions which address common bugs, vulnerabilities, and other issues. Samsung's January Security Patch deals with no less than 67 Common Vulnerabilities and Exposures (CVE) directly related to the Android operating system and makes 28 other additions to Samsung's latest phones. Regarding the latter, a portion of the patches addresses various security issues with the Snapdragon 835 and the Exynos 8895 system-on-chip, both of which are expected to power the upcoming Galaxy S8 flagship.
In addition to that, the January security update also includes fixes for vulnerabilities present in the Snapdragon 820 and the Exynos 8890 chipset fueling the Galaxy S7 and the Galaxy S7 Edge. As always, some of the Samsung Vulnerabilities and Exposures (SVE) fixed in this update address minor bugs which could hardly be exploited in practice but were still dealt with as a precaution. The January Security Patch includes only a single fix for a vulnerability whose severity Samsung rated as "High." The problem in question is related to the EAS Autodiscover service as this solution would unveil user credentials to some subdomains when a user logged into their email account under certain conditions. Naturally, the company didn't go into any details regarding these circumstances, but it did disclose that the code responsible for sending secure data has since been removed, which prevents the EAS Autodiscover from being exploited to send user credentials to unauthorized parties.
A more detailed breakdown of Samsung's January Security Patch is available at the source link below. The South Korean phone maker didn't reveal much information about specific fixes, which is standard practice seeing how many fixed vulnerabilities are often connected to larger software weaknesses which aren't necessarily addressed by the time users download the latest Android security patch. Most of the addressed vulnerabilities are marked as being privately disclosed to Samsung for similar reasons. The January Security Patch should already be available for download on the unlocked variants of Samsung's latest flagship devices. Owners of the locked variants of the company's major flagships should receive their update by the end of the month.