Samsung unveils its December 2024 security update

In today's increasingly connected world, the security of our mobile devices has become a top priority. Samsung, the undisputed leader in the smartphone market, continues to demonstrate its commitment to protecting its users through its monthly security updates. This December 2024 is no exception, and the South Korean company has revealed the details of its latest security patch, which promises to further strengthen the defense of Galaxy devices against potential cyber threats.

Security updates not only fix known vulnerabilities but also improve the operating system's overall resilience against future threats. For Samsung Galaxy device users, these updates are particularly valuable, as they combine Google's security fixes for Android with specific solutions developed by Samsung for its One UI customization layer.

December Security Update Details

Although the December security patch hasn't been officially released for any Galaxy devices yet, Samsung has provided crucial information about the fixes this update will include. This preview gives us a glimpse into the security improvements that will soon be available to Samsung users.

Google Fixes

The December 2024 security update will incorporate the latest security fixes provided by Google. These address critical and high-risk vulnerabilities in the Android 13 operating system, which powers Samsung's One UI 5.1 interface on many of its current devices.

It's important to note that, this time, all the vulnerabilities Google patched are classified as critical or high-risk. The absence of moderate-level fixes suggests that Google has prioritized the most serious threats, which is good news for overall user security.

 

Samsung Specific Fixes (SVE)

In addition to Google's fixes, Samsung has developed its own solutions for specific vulnerabilities in its devices. In total, nine SVEs (Samsung Vulnerabilities and Exposures) have been identified, of which details have been revealed for six:

• SVE-2024-1485 (CVE-2024-49410): Addresses an out-of-bounds write vulnerability in libswmextractor.so. This vulnerability could allow an attacker to write data to unauthorized memory areas, potentially leading to malicious code execution.
  
  
• SVE-2024-1808 (CVE-2024-49411): Addresses a path traversal issue in ThemeCenter. This vulnerability could allow an attacker to access files or directories outside the intended boundaries, compromising system security.
  
  
• SVE-2024-1845 (CVE-2024-49415): Addresses another out-of-bounds write vulnerability, this time in libsaped.so. Similar to the first, this fix prevents potential memory manipulations that could lead to unauthorized code execution.
  
  
• SVE-2024-1885 (CVE-2024-49412): Addresses improper input validation in Settings. This improvement prevents malicious input from being mishandled, which could lead to unexpected behavior or compromise device security.
  
  
• SVE-2024-2044 (CVE-2024-49413) : Addresses an incorrect cryptographic signature verification in SmartSwitch. This fix is ​​crucial to ensure that only legitimate and verified software can be installed or transferred via this tool.
  
  
• SVE-2024-2166 (CVE-2024-49414): Prevents authentication bypass via an alternate route in DeX mode. This improvement is particularly important for users using their Galaxy devices in DeX mode, ensuring that established security mechanisms cannot be circumvented.

Additional corrections

In addition to the aforementioned vulnerabilities, the December patch will also include two important fixes related to Samsung Semiconductor. These are:

• CVE-2024-39343 : A high-risk vulnerability in hardware components.

• CVE-2024-39890 : Another vulnerability classified as high risk, also related to hardware elements.

While no specific details have been provided about these vulnerabilities, their "high risk" rating underscores the importance of applying this update as soon as it becomes available.

How to update your Samsung Galaxy device

For users eager to receive this important security update, the verification and update process is simple:

1. Open the “Settings” app on your Samsung Galaxy device.

2. Scroll down and select “Software Update.”

3. Tap “Download and Install.”

4. If the update is available, follow the on-screen instructions to install it.

It's important to note that updates are rolled out gradually, so not all devices may receive the update at the same time. If you don't see the update immediately, it's recommended to check periodically over the next few days.