Samsung has confirmed the contents of its December 2024 security update through its monthly security bulletin. The update includes fixes from both Google and Samsung, as well as a couple of high-security fixes from Samsung Semiconductor.
The December 2024 security patch contains fixes for several critical vulnerabilities, including CVE-2024-38408, CVE-2024-43096, and CVE-2024-43770. High-severity vulnerabilities are also addressed, such as CVE-2024-34747, CVE-2024-40671, and CVE-2023-35659.
Samsung Mobile’s side of the update includes 8 SVE (Samsung Vulnerabilities and Exposures) items, with six having been disclosed. These include out-of-bounds write issues in libswmfextractor.so and libsaped.so, as well as improper input validation in Settings and authentication bypass using an alternate path in Dex Mode.
Two Samsung Semiconductor vulnerabilities are also included in the update, labeled as high-security risks and known as CVE-2024-39343 and CVE-2024-39890. However, it’s unclear when the December 2024 security patch will be rolled out to Galaxy devices, although it is expected to follow soon.
Source: https://www.sammobile.com/news/samsung-monthly-updates-december-2024-security-patch-detailed