Galaxy S24 users need to install the December security update ASAP. Here's why

By
0comments
Samsung Android
The Galaxy S24 Ultra's rear panel faces the camera as the phone is being held in someone's left hand.
Samsung has started pushing out the December security update for those Galaxy S24, Galaxy S24+, and Galaxy S24 Ultra users who have decided not to install the beta version of One UI 7/Android 15. Sure, security updates don't include new features and the impact of these updates is not something tangible that you can see. But in the case of Samsung's December security update, it contains some important patches that will prevent attackers from exploiting vulnerabilities that could allow a bad actor to gain complete control over your Galaxy S24 model and other Samsung Galaxy phones.

The security update is available now to Galaxy S24 series users in Korea, those with the unlocked variants in the U.S., and T-Mobile subscribers using a locked version of this year's Galaxy S24 series in the U.S. If your phone has the update, you can download it by going to Settings > Software Updates > Download and install. Keep in mind that if you install the One UI 7 beta, you will not receive a stable version of the security update.

The December Samsung security update includes six patches to fix issues deemed to be critical. These six include CVE-2024-38408, CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747, and CVE-2024-49748. Another vulnerability, CVE-2024-49415, is an issue created by Samsung. The company warns that if this last flaw is not patched, it will allow "remote attackers to execute arbitrary code."

As a result, you must patch CVE-2024-49415 because if the vulnerability is exploited it could lead an attacker to execute malicious code on your device remotely. The attacker could get control over the system allowing him to deploy ransomware, steal sensitive and personal data, and generate other attacks on the system. This fix alone should have those with a Galaxy S24 series handset scurrying to install the December Samsung security update as soon as it arrives.

CVE-2024-49415 unpatched can allow a remote attacker to execute malicious code on your phone.
CVE-2024-49415 unpatched can allow a remote attacker to execute malicious code on your phone. | Image-credit-Samsung Mobile

Believe it or not, CVE-2024-49415 is not the most dangerous exploit that needs to be patched. The most important "fix" that comes with the December Samsung security update is one from Qualcomm that repairs a critical flaw involving Snapdragon chips, CVE-2024-43047. Google noted that this vulnerability was being exploited on a limited basis by attackers. A patch for this vulnerability was released by Qualcomm in October and was made available for Pixel phones in November.

The good news for those rockin' one of the Galaxy S24 series handsets is that CVE-2024-43047 doesn't affect Sammy's 2024 flagship phones. But the aforementioned CVE-2024-49415 does which means that no matter which Samsung phone you own, it is imperative that you install the December Samsung security update as soon as you can.
