Samsung has just announced the details of the December 2024 security patch in its monthly security bulletin. Although no Galaxy devices have received this update yet, the company is ready to roll it out in the near future with many important security improvements.

The December 2024 patch includes security fixes from both Google and Samsung, along with some additional fixes from Samsung Semiconductor. According to Google, this update addresses critical and high-severity vulnerabilities, but no moderate vulnerabilities have been reported.

The list of critical vulnerabilities fixed includes:

  • CVE-2024-38408
  • CVE-2024-43096
  • CVE-2024-49747, and many others.

The high-level vulnerabilities fixed are also quite diverse, including codes such as CVE-2024-34747, CVE-2024-40671, CVE-2024-43762, and many others.

Samsung Mobile also participated in patching 8 SVE (Samsung Vulnerabilities and Exposures) vulnerabilities, of which 6 vulnerabilities have been disclosed in detail:

  • SVE-2024-1485: Out-of-bounds write in libswmfextractor.so.
  • SVE-2024-1808: Path traversal in ThemeCenter.
  • SVE-2024-1845: Out-of-bounds write in libsaped.so.
  • SVE-2024-1885: Improper input validation in Settings.
  • SVE-2024-2044: Improper cryptographic signature verification in SmartSwitch.
  • SVE-2024-2166: Bypass authentication using alternate paths in Dex mode.

Additionally, Samsung Semiconductor has contributed two fixes for high-security vulnerabilities, CVE-2024-39343 and CVE-2024-39890.

While no Galaxy devices have received the December 2024 security patch as of this writing, Samsung plans to roll it out OTA soon. Galaxy users should regularly check for updates to ensure their devices are always protected.