Samsung has just confirmed details of its last security update of 2024, which includes critical fixes for Galaxy phones with attacks confirmed underway. This release followed within hours of Google’s monthly Android security bulletin, and will include a raft of Android fixes as well as those from Samsung itself.
One of the fixes confirmed this month is the long-overdue Qualcomm patch for a vulnerability disclosed in October. It was discovered by Google’s threat hunters with attacks underway, and prompted the US government’s cyber defense agency to mandate that all federal employee phones be updated before the end of October.
As ever, CISA’s mandates apply more broadly than just to federal staff, with its remit to help keep all organizations safe from cyber attacks. All Galaxy owners should ensure they install the update as soon as it’s available for their model, region and carrier. You can find out if your device is due a monthly update here.
Qualcomm warned that “there are indications from Google Threat Analysis Group that CVE-2024-43047 may be under limited, targeted exploitation.” It says it made fixes available to device OEMs in September and urged them to deploy those patches “on released devices as soon as possible.” Samsung told me updates have been rolling out since then, although we haven’t seen any formal confirmation until now.
There were reports that Samsung had updated some devices twice during the month of November, but we don’t have details of any of the security vulnerabilities this may have addressed. At least we now know that December is something of a catch-all.
There are six critical Android fixes (CVE-2024-38408, CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747, CVE-2024-49748) this month, and one critical Samsung memory fix (CVE-2024-49415), which stops potential attacks from executing remote code on Galaxy devices.
While it’s critical that all Galaxy owners update as soon as possible, more attention is on Android 15 and One UI 7 at the moment, with frustration at the delays to even the beta release. This is now expected this month, at least for the newest S24s in certain countries. Most users will need to await the stable release in 2025, though.
Meanwhile, there are unauthorized downloads doing the rounds online, promising a sneak peek at One UI 7 apps. These should be avoided, given that installing such apps is dangerous and might bring you more than an early Android 15 experience.